SafeCentral Locks Down Online Transactions
David Utter Staff Writer
2008-03-27
Authentium's Virtual ATM concept reemerged as a secure desktop-to-web application called SafeCentral, which looks like an ideal choice to prevent identity theft.
It's been well over a year since we chatted with Authentium about secure banking and finance online. I suggested people needed some kind of dedicated Bloomberg-style terminal to shut down keyloggers, man-in-the-middle threats, and other attacks against people.
Authentium happened to have that idea in mind in 2006, as their marketing VP Corey O'Donnell told me in a phone interview. The Virtual ATM idea has been "fully baked" since March 2007, he said.
Fully baked? So where are the cookies?
Turns out Authentium has been trying to sell their solution to banks that operate under the idea that two-factor authentication will be sufficient customer protection. Add in the hurdles of bandwidth, six months of vetting the technology, and the potential for people to need multiple Virtual ATMs to access each financial institution they use, and one can see why the idea hasn't gained traction.
On the consumer side, people see credit monitoring services as something they aren't willing to pay for, since they know the credit card company won't hold them responsible for bogus charges. If identity theft were not a concern, that could be a valid point.
It isn't. Identity theft presents a massive problem. Criminals don't need to charge an existing credit card when they have access to an existing identity's name, date of birth, and Social Security number.
Enter the opportunity for SafeCentral, which should formally launch in mid-April. It represents a rethinking of the sell-to-bank business model mentioned earlier, as O'Donnell noted.
One installs a SafeCentral application on the desktop, which takes a few minutes, and then navigates to the SafeCentral website from the application launcher. A couple of things happen here: SafeCentral creates a locked-down, secure browsing session, which in turn uses a dedicated DNS service to avoid man-in-the-middle attacks.
The secure session launches in a section of available memory that SafeCentral first scans for viruses or malware. When open, the session prevents kernel calls that keyloggers and other malware would use to capture information.
O'Donnell demonstrated this through a virtual session with a keylogger running. He attempted logging into PayPal with a made-up username and password, then showed how the keylogger had duly captured the keystrokes along with screenshots of his activity.
Then with SafeCentral running, he logged into his actual PayPal account and showed me his balance. After logging out, up came the keylogger again. No keystrokes captured, and nothing in the screenshots of his PayPal visit but whitespace.
The SafeCentral browser has been built on enhanced Mozilla code. Authentium stripped out all of the extra stuff. When SafeCentral launches, the browser is unpacked into clean memory each time. This keeps it from being infected by malware that might hit a system while the person is not using SafeCentral.
Inside the service, people may visit one of the 15,000 destinations available, ranging from banks and credit unions to shopping sites like Wal-Mart, eBay, and Amazon.com. All the usual functionality for those sites works through SafeCentral.
As people select their favorite destinations from among SafeCentral's sponsored list, we enter the always entertaining realm of the business model. These sites sponsor their place in SafeCentral with a nominal fee.
As a consequence, people always have free access to the sponsored sites through SafeCentral. This has left Authentium debating how to monetize SafeCentral for usage beyond its existing breadth of sponsoring companies.
They have been debating the possibility of a monthly or annual fee for people to use SafeCentral for any site they wish to access securely, with or without the destination being a SafeCentral sponsor. Even at this late date, the debate continues to rage.
But before considering that, Authentium needs to consider this. Sure they can tout a couple of decades of experience working with major global financial institutions on security issues, but even among security pros, how many people have a working knowledge of them as a brand?
O'Donnell acknowledged this, and cited a need for partnerships to build the brand with the public. That simply has to happen to bring people to SafeCentral. They tout alliances with Microsoft, Google, and Symantec in CEO/president Douglas Brunt's executive profile, but the public needs to see something more.
Authentium may need the imprimatur of a Microsoft or a more well-known security vendor in the consumer space to build its userbase. Some positive buzz among the more highly trafficked blogs could help, which means O'Donnell and company would need to spend a lot more time commenting on sites while blogging from an authoritative position themselves.
Though currently SafeCentral launches as a separate application, they are working on a way to enable its launch from Internet Explorer and Firefox directly. Doing so has to be accomplished while maintaining the integrity of the software, making this a step that could take some time.
The idea behind SafeCentral has been long in coming, and no less necessary now than when Authentium first started talking about the core technology in 2006. Two-factor security via keyfobs is a step up from username/password combos, but still vulnerable to man-in-the-middle exploits.
SafeCentral takes the external factors, the low-level kernel calls and the intermediary threats, out of the online transaction equation. We would like to see it achieve a critical mass of users, as that would put a serious crimp in the identity thieves and other dirtbags who steal financial information.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.