In the fast-moving fight against online fraud, the pressure is on for security companies to plug technology holes as quickly as possible – preferably before they are even opened.
While user passwords offer the semblance of security, they are highly susceptible not only to human error but also to attacks like phishing and keystroke logging.
To combat this, security companies developed the One Time Password (OTP) – a randomly-produced password that can be used only once, delivered on request to a unique device called a ‘token’ (or to a mobile phone).
The problem that has emerged with OTP systems is what’s known as ‘Man in the Browser’ attacks, whereby hackers infect a user’s browser with malware which tampers with the particular transaction the user is performing, often while still presenting the correct result.
To combat this problem, data protection experts SafeNet have developed a special kind of OTP token which uses an optical sensor to read the transaction data they have entered, in the form of a flashing graphic, direct from their screen. Once the user has approved the token's reading, they are given a special numeric signature, which they enter on the banking site to complete the transaction.
Vince Lee, ANZ regional sales manager for SafeNet, says the device, known as the eToken 3500, allows the user to authenticate not only their own identity, but the exact details of each transaction being performed.
"It adds another level of integrity to the system,” Lee says.
"[OTP tokens] have been a popular way to authenticate people securely, but having said that, today we have new threats on the landscape... and those threats are taking place regardless of strong authentication.”
The token requires its own PIN or password to unlock, meaning it can’t be used if it is lost or stolen.
Although SafeNet targets large institutions such as banks and government agencies with its full data protection platform, Lee says there is definitely a market for the device among consumers.
"This could be put into the hands of every consumer out there.”
Go here to check out a short video explaining how the eToken 3500 works.