IBM has unveiled a prototype USB stick designed to secure online banking transactions against malware and man-in-the-middle attacks.
The Zone Trusted Information Channel (ZTIC) plugs into the USB port of any computer to add an extra layer of security on top of existing authentication systems like smart cards, PINs and one-time validation codes.
Customers use it to log in to their account and validate transactions via a display on the device.
The system creates a direct, secure channel to the bank's online transaction server, bypassing the PC, which could be infected by malware or susceptible to hacker attacks, says IBM.
This means that even if the computer is infected by malware that manipulates the information flow, the user can cancel the transaction when it is displayed on the ZTIC device. What the user sees on the ZTIC display is identical to what the server "sees".
In addition, a smart card can be inserted into the device to help protect against man-in-the-middle attacks, which are designed to subvert normal two-factor authentication systems by intercepting confidential user credentials as they are passed online.
Peter Buhler, manager, computer science, Zurich Research Lab, IBM, says: "Owing to the direct secure connection between ZTIC and server, the device essentially provides a safe window to the server."
IBM says the pilot devices - which do not require changes to the software on the bank's server or client's PC - are now available for financial institutions to trial.
"In the presence of an ever more professionally operating e-crime scene, it became obvious that PC-software based authentication solutions were potentially vulnerable and that we needed to innovate to stay ahead," says Buhler.