Is Your Online Bank Really Secure?
Zoltan Szalai / eBanking Solution Manager April 25, 2013
eBanking Security 2
Gemalto for You
ONE THIRD OF THE WORLD’S POPULATION USE OUR SOLUTIONS EVERY DAY
BANKS & RETAIL
TELECOM
TRANSPORT
GOVERNMENT
ENTERPRISE
40 MILLION ADVANCED DEVICES
70 MILLION DEVICES
200 EMPLOYEES
About eBanking
Over €2 BILLION in Revenue in 2012
€250+ MILLION Software and Value Added Services
BILLION Intelligent Cards Produced and Personalized on a Yearly Basis
14 R&D Centers
1,400 Scientists
15 Production Sites
28 Personalization Centers
74 Sales & Marketing Offices
10,000+ Employees
100 Nationalities
43 Countries
About Gemalto
60 MILLION IN REVENUE 2012
25 MILLION IN REVENUE 2009
20% EXPECTED ANNUAL GROWTH
Business Overview
Gemalto’s Position
2013 MAGIC QUADRANT FOR STRONG AUTHENTICATION FROM GARTNER
As of March, 2013
Gemalto’s Position
ICB - “TECHNOLOGY – SOFTWARE” SECTOR TOP 20 COMPANIES
As at March 27, 2013
Rank  Company Name      Country         Revenue (€bn)
1     MICROSOFT         UNITED STATES   55.2
2     ORACLE            UNITED STATES   27.5
3     SAP               GERMANY         16.2
4     CATAMARAN         UNITED STATES   7.7
5     SYMANTEC          UNITED STATES   4.9
6     VMWARE            UNITED STATES   3.6
7     CA                UNITED STATES   3.5
8     ADOBE SYSTEMS     UNITED STATES   3.4
9     INTUIT            UNITED STATES   3.2
10    IT HOLDINGS       JAPAN           3.0
11    INVENSYS          UK              2.9
12    AMDOCS            UK              2.5
13    SALESFORCE.COM    UNITED STATES   2.4
14    GEMALTO           NETHERLANDS     2.2
15    CERNER            UNITED STATES   2.0
Gemalto eBanking References
200+ BANKS
Frauds & Mitigation
Attacks are Evolving
eBANKING FRAUD IS GETTING MORE AND MORE SOPHISTICATED
WHALING
ID THEFT
KEY/SCREEN LOGGING
PHARMING
PHISHING
MAN-IN-THE-MIDDLE
MAN-IN-THE-BROWSER
SHOULDER SURFING
SOCIAL ENGINEERING
CROSS CHANNEL ATTACKS
CONTRACTUAL FRAUD
RELAY ATTACK
Phishing Attack
are familiar with phishing
Low to very low knowledge of other attacks
Source: RSA Online Fraud Report
Victim
Fake Server
Bank Server
1) Sends fake “security” email with fake link
2) Enters secure information on fake internet bank site
3) Obtains account information
4) Using obtained account information on real internet bank site
Man-in-the-Middle Attack
Victim
Bank Server
Malware Waits for Transaction and Modifies Details!!!
Man-in-the-Browser Attack
Website Seen by the Customer
Website Seen by the Bank
Malware Changes Transaction Details
Malware Changes Balance Information
Malware Inside the Browser
Attacks and Mitigation
TRANSACTION VERIFICATION
CONTEXTUAL SIGNING
STATIC PASSWORDS
TRANSACTION DATA SIGNING
ONE TIME PASSWORDS
CHALLENGE / RESPONSE

WHALING
ID THEFT
KEY/SCREEN LOGGING
PHARMING
PHISHING
MAN-IN-THE-MIDDLE
MAN-IN-THE-BROWSER
SHOULDER SURFING
SOCIAL ENGINEERING
CROSS CHANNEL ATTACKS
CONTRACTUAL FRAUD
RELAY ATTACK
USER-FRIENDLY MITIGATION OF ALL CURRENT AND FUTURE THREATS
eFrauds in the Region
Ezio Solution
Gemalto Ezio Suite
Ezio Suite is the market’s most versatile and easy-to-implement eBanking security solution with a proven track-record of 100+ large-scale roll-outs.
STRONG E-BANKING AUTHENTICATION ARCHITECTED FOR CHOICE
200+ BANKS
ONE SERVER MULTIPLE CHANNELS
ALL EZIO DEVICES WORK IN PARALLEL
STANDARD COMPLIANT INCL. OATH, CAP/EMV, PKI
70m DELIVERED DEVICES
Token-Agnostic
Appliance Delivery
Introduction to New Ezio Server
Pre-Hardened All-in-One Box Appliance
Providing Multi-Factor Authentication
Used by 30+ Banks & Millions of Users
R&D and Produced in Singapore
Advantages of Ezio Server
Multi-Million User Deployment
Token Agnostic
Authentication Brokering
Thousand Transactions per Second
Multi-Token Support per User
End-to-End Encryption of Passwords
Supports Global Standards
Ezio Devices
EZIO SHIELD PRO
EZIO EDGE
EZIO CLUB
EZIO THIN
EZIO SERVER
EZIO TOOLKIT
EZIO onCARD PAD
EZIO LAVA
EZIO PICO
EZIO PC USB-TR
EZIO PKI CARD
EZIO CLASSIC CLIENT
EZIO bySMS
EZIO MOBILE SDK
EZIO MOBILE TOKEN
EZIO onCARD
EZIO SHIELD TALK
EZIO PLUG & SIGN
Evolution is Leading to Mobile
Day-to-Day eBanking is Partially Transitioning to Mobile
Find Nearest Branch / ATM
Block Lost/Stolen Card
Check Balance
View Transaction History
Make Money Transfer
Ezio Mobile Solutions
Access Bank with Web Browser
Protected by Mobile Token
Access Bank with Native Application
Protected by Mobile SDK
Ezio Mobile SDK
OTP Computation
Smartphone Support
Secure Storage
Secure Personalization
Security Expertise
Device Fingerprint
Easy to Integrate API
Future Proof
Ezio Mobile Token
OTP Computation
Smartphone Support
Customizable
Based on Ezio SDK
Summary
Why EZIO™ from Gemalto?
Global Presence – Local Touch
All-in-One Physical Appliance
Wide Range of Security Devices
Most Secure Mobile Solution Available Today
Thank You!