Menu
UBS to deploy IBM secure banking USB device

UBS to deploy IBM secure banking USB device

The device ensures that a man-in-the-middle attack isn't under way during a transaction

Banking giant UBS has started deploying a device from IBM that ensures online banking transactions aren't being interfered with by hackers.

IBM's ZTIC (Zone Trusted Information Channel) is a smart-card reader that attaches to computer via a USB cable. During an online banking transaction, it bypasses the Web browser and makes a direct SSL (Secure Sockets Layer) connection with the bank.

With that access, the ZTIC is able to show a banking customer what will actually happen during a transaction even if the computer is infected with malicious software.

The ZTIC is designed to thwart man-in-the-middle attacks, where a hacker interferes with a transaction in real time and modifies data.

For example, it can allow a hacker to transfer $9,000 to a third-party account while showing the victim the amount they intended to transfer to the correct account.

UBS published a video of their implementation of the ZTIC, which the bank has dubbed the "UBS Access Key." Once connected, a customer inserts an access card into the ZTIC and enters a PIN (Personal Identification Number) on the UBS Web site. When the customer has filled out a beneficiary for payment, the ZTIC will display the target account number on its screen.

If the transaction has been hacked and the account number is different, the customer can abort the payment by hitting a red "x," or a green check if it's fine.

UBS chose the ZTIC for use primarily with corporate customers setting up new payment beneficiaries in their online banking system, according to a bank spokesman. Those corporate customers will get the ZTIC for free, UBS said.

It is also available to retail customers but they will have to pay 65 Swiss francs (US$60). UBS has about 100,000 corporate and 550,000 retail e-banking clients.

The technology that is in the ZTIC has been around for a while, but IBM is the first company to get a major bank to deploy it, which is significant, said Avivah Litan, a vice president at Gartner.

As criminals have found ways to defeat strong authentication methods such as one-time passwords, "locked-down" computing -- which aims to seal off banking sessions from malware interference -- is gaining traction, she said.

"The concept and architecture makes a lot of sense, if it [ZTIC] works as advertised," Litan said. "I'm sure some vulnerabilities will become apparent as the ZTIC technology is rolled out, but these will be much more limited by nature of the architecture than the ones that are present in the desktop computing environment."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags UBSSSLsmartcard

Events

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Show Comments