Friday, October 31, 2008

Increased security for Internet Banking

One of the potential advantages of mobile banking is access to the crypto keys on the SIM card. If utilised correctly (and by the way, a small number of suppliers actually have the expertise to do this), banking solutions can be delivered with the same security than EMV (chip and PIN) cards. The reason for this, is that the banking application has access to cryptographic keys available on the SIM card. Internet banking deployments do not have access to crypto keys on the subscriber PC/laptop. Internet banking can therefore (through first principles) never be as secure as mobile banking.

With the launch of laptops with SIM card slots integrated into the machine (I blogged about this previously), I thought that this would enable much more secure Internet banking solutions. This did not materialise (up to now), as the SIM card in the laptop is only being used to create connectivity access to 3G networks. Opportunity lost?

Now two products have caught my attention with the potential of significantly improving online banking. These products (both) plug into the USB slot on the PC and provides the cryptographic capabilities on the PC platform:

  • IBM recently announced the Zone Trusted Information Channel (ZTIC) (read more here). This is a hardware device with crypto security that can be utilised for online banking and that plugs into your PC's USB slot.
  • Gemalto ships a similar product called the USB Shell Token (see here). With the relationship between Fundamo and Gemalto, we are investigating ways to leverage our experience in mobile banking to increase security of online banking by making use of this hardware device.
Maybe online banking security will ultimately be improved by means of USB devices and not through the SIM card on the PC?

No comments: