Authentium, the leading provider of extensible security software technologies and service platforms, today announced VirtualATM, a software developer's kit (SDK) that allows banks, financial institutions and ISPs to create direct, secure, end-to-end connections with users.
VirtualATM prohibits hackers from intercepting communications and eliminates adverse affects from spyware or other malicious desktop agents. In the process, banks can create the most secure environment for online transactions, enable compliance with guidelines from the Federal Financial Institutions Examinations Council (FFIEC), and provide additional safeguards for their customers' critical financial information.
Authentium's VirtualATM technology significantly limits the threat posed by online thieves and helps satisfy new FFIEC regulations. Financial institutions and their clients are currently facing a deluge of security threats. Consumers are regularly deceived by phishing e-mails, which pose as legitimate messages from financial institutions and attempt to coax personal information and passwords from victims. In addition, malicious spyware and screen-scraper technology embedded by hackers in seemingly harmless websites, downloads or e-mail can log keystrokes, capturing log-on data without the user even noticing.
In response, banks are looking to a variety of security technologies that meet or exceed industry regulations calling for stronger defenses. The FFIEC is mandating that online businesses implement stronger security technologies by the end of the year. Among the requirements, all consumer online banking must be protected by two-factor authentication, meaning that all online consumers must use two separate processes for accessing account information.
"This technology comes at a time when financial institutions are striving to find new ways to protect their customers and meet more stringent industry guidelines for authentication," said Scott Crawford, senior analyst at Enterprise Management Associates. "The online banking experience continues to be a primary target of attack, with the result that many consumers have justifiable concerns about conducting transactions online. Authentium's approach moves beyond traditional two-factor authentication to address a more insidious range of threats - some of which may be deeply hidden - which collectively pose one of the highest risks to consumer confidence in doing business online. The Authentium solution promises consumers the ability to be protected with little effort, and to conduct online transactions with higher confidence."
Financial institutions can purchase Authentium's VirtualATM SDK to build their own branded solutions. When implemented, end users receive a thin client from the VirtualATM-enabled bank immediately after logging in to their accounts. The client creates a secure tunnel to the bank's website, while locking down the user's desktop. The client halts interaction with other desktop applications, such as keystroke loggers, spyware or other malicious agents. Many ISPs, such as Cox Communications, are already using Authentium technology as part of their branded security suites; These ISPs now can embed the VirtualATM technology into their offerings and offer the highest protection for users conducting financial business.
"Traditional security solutions address only part of the problem and rely heavily on the user's diligence in keeping their PCs healthy and safe from spyware, keyloggers, and other hacker threats," said John Sharp, chairman & CEO of Authentium. "VirtualATM, on the other hand, begins with the presumption that the desktop is compromised, and it locks-down access to everything but the transaction window. Coupled with a strong, trusted, on-demand virtual private network (VPN) connection to a financial institution, VirtualATM addresses virtually every aspect of online security. Short of someone standing over your shoulder, transactions through Authentium's VirtualATM are secure from prying eyes in a way never before possible."
Authentium's solution is based on the company's trusted security extensions toolkit, which watches web-based interactions and can monitor attempts to interfere with those interactions. Authentium developed the core technology over the past five years to ensure it is seamless and does not adversely interfere with end user actions.