Menu
UBS to deploy IBM secure banking USB device

UBS to deploy IBM secure banking USB device

The device ensures that a man-in-the-middle attack isn't under way during a transaction

Banking giant UBS has started deploying a device from IBM that ensures online banking transactions aren't being interfered with by hackers.

IBM's ZTIC (Zone Trusted Information Channel) is a smart-card reader that attaches to computer via a USB cable. During an online banking transaction, it bypasses the Web browser and makes a direct SSL (Secure Sockets Layer) connection with the bank.

With that access, the ZTIC is able to show a banking customer what will actually happen during a transaction even if the computer is infected with malicious software.

The ZTIC is designed to thwart man-in-the-middle attacks, where a hacker interferes with a transaction in real time and modifies data.

For example, it can allow a hacker to transfer $9,000 to a third-party account while showing the victim the amount they intended to transfer to the correct account.

UBS published a video of their implementation of the ZTIC, which the bank has dubbed the "UBS Access Key." Once connected, a customer inserts an access card into the ZTIC and enters a PIN (Personal Identification Number) on the UBS Web site. When the customer has filled out a beneficiary for payment, the ZTIC will display the target account number on its screen.

If the transaction has been hacked and the account number is different, the customer can abort the payment by hitting a red "x," or a green check if it's fine.

UBS chose the ZTIC for use primarily with corporate customers setting up new payment beneficiaries in their online banking system, according to a bank spokesman. Those corporate customers will get the ZTIC for free, UBS said.

It is also available to retail customers but they will have to pay 65 Swiss francs (US$60). UBS has about 100,000 corporate and 550,000 retail e-banking clients.

The technology that is in the ZTIC has been around for a while, but IBM is the first company to get a major bank to deploy it, which is significant, said Avivah Litan, a vice president at Gartner.

As criminals have found ways to defeat strong authentication methods such as one-time passwords, "locked-down" computing -- which aims to seal off banking sessions from malware interference -- is gaining traction, she said.

"The concept and architecture makes a lot of sense, if it [ZTIC] works as advertised," Litan said. "I'm sure some vulnerabilities will become apparent as the ZTIC technology is rolled out, but these will be much more limited by nature of the architecture than the ones that are present in the desktop computing environment."


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags IBMsmartcardsecurityUBSSSL

Featured

Slideshows

Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Show Comments