Due to the significant increase in phishing attacks globally and threats to online security, particularly through Internet banking, GPayments have developed a solution which provides users with a secure channel for browsing the Internet. The solution effectively gives users a locked down browser, allowing them to connect to any secure site using a trusted and safe browser.
Key features of the solution are its ability to provide users with a secure point-to-point connection, using their existing Internet connection and without the need to reboot their PC. For enhanced security, features such as scramble pin pads for password protection are easily incorporated. Despite being a security product, customisation of the secure browsers’ interface offers companies another opportunity for brand re-enforcement in a product with mass-market appeal.
To start the secure browser, users load it onto their desktop automatically from a number of different end user devices, such as generic USB storage devices and CD’s. By starting within the users current desktop, the secure browser uses existing network connections without requiring the manual installation and configuration of additional device drivers. In the same way users plug in their MP3 player to listen to music, users insert their secure browser device to do Internet banking. As users are already familiar with this process, it simplifies the experience and allows them to focus on the tasks they need to perform from within their secure session.
A lot of recent industry discussion has centred on the need for additional security for online banking. Two factor authentication now provides the additional level of security which was lacking. GPayments’ secure browser further compliments its two factor authentication solution, providing a much stronger defence against phishing, man-in-the-middle threats and online security and identity theft.
According to Bahram Boutorabi, GPayments’ Chairman and founder:
“The keys to the secure browser solution are that it cannot be altered, it cannot be hijacked and it provides immediate and reliable feedback to users about their secure Internet sessions.
We understand not all end users possess a computer science degree and therefore, cannot be expected to ensure their system is secure. Studies show that as many as 80% of end user environments are already compromised and there is currently no efficient way of making them safe. Current anti-virus and firewall solutions cannot guarantee the prevention of the downloading of malicious key loggers, mouse loggers, worms and Trojans that can hijack or record an otherwise confidential Internet banking session.
What we have developed is a secure browser which ensures users can perform their Internet banking using a point-to-point connection without the risk of their browser being hijacked or recorded.
By ensuring the secure browser functionality cannot be altered, a secure session can be opened with confidence and with ease, by simply connecting your user device. No problems with rebooting, installation or configuration.
By developing a simple yet powerful secure browser, we have complimented our existing authentication solutions to provide the confidence required of the market to continue using Internet banking.”
Features of the new secure browser solution include:
Trusted Website List
The solution uses a Trusted Website list to provide Internet users with a set of safe websites. The browser restricts content based on the definition in the list and users attempts to browse to other websites are denied. Only content coming from the approved websites is permitted. If there is a malicious script running on the users desktop or a phishing email attempts to redirect the user to an insecure website, the browser will deny access to the malicious website.
While allowing access to a strict set of websites is a perfect solution for Internet banking, a personal addition allows users to manage their own secure and trusted websites. In this version, users are assisted in the management of websites only after the security of such sites is dynamically rated based on factors such as the existence and validity of certificates and certificate chains and the determination of host information. To provide users with clear and immediate feedback about the safety level of a website being requested, the browsers skin will alter based on the security rating given to the website.
As the Internet offers users the ability to browse to websites of all kinds, standard browsers have been designed to allow add-ons and plug-ins to enhance the user’s experience for the average website. These features are hardly utilised by banking website where the focus is simplicity and maximum compatibility for all users.
As the remote installation of malicious third party software on a user’s desktop environment can completely compromise a computer system, the secure browser inherently denies such access, keeping it safe from harm. As the secure browser contains the necessary components, it prevents the installation of all, and potentially harmful, plug-ins and add-ons such as key loggers, mouse loggers and therefore prevents the users’ Internet banking sessions from being compromised.
Secure Access Only
GPayments’ secure browser is designed to allow information to be passed between server and client over the secure sockets layer (SSL) only. To increase security, certificate and host verification provides users with the knowledge that the website they are requesting is the real website they intended to visit. Unlike a conventional browser, the secure browser does not allow users to access sites with invalid SSL certificates.
The solution is operable on any number of end user devices making it equally attractive for mass production and customisation on read only media such as CD’s, or freely available to install on users existing devices such as USB storage devices.
Seamless User Experience
To access the secure browser, a user simply connects or inserts their end user device into their PC and the secure browser automatically runs in their existing environment. There is no requirement for rebooting and the user simply unplugs or removes the device when they have finished their secure session.
As the secure browser activates within a users existing desktop environment, it is capable of using the existing network connections. This effectively eliminates the need for users to manually install and configure network components and/or additional device drivers. As a result, the secure browser simplifies the user experience and allows them to focus on the tasks they need to achieve.
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organisation already has. The Web site, however, is bogus and set up only to steal the user’s information.
2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organisations site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.
GPayments Pty Ltd, is a founding member of Visa International's 3-D Secure Forum and a leading provider of 3-D Secure enablement solutions. GPayments has a fully compliant 3-D Secure product suite providing simultaneous support for Verified by Visa, Mastercard SecureCode, American Express SafeKey, JCB J/Secure and Diners Club International ProtectBuy.
GPayments has been a leading provider of authentication and payment solutions for the last 10 years. GPayments provides solutions for financial institutions (issuers and acquirers), payment gateways and third party processors, merchants and cardholders in many countries around the world. Further information can be found at www.gpayments.com.