is designed to actively combat the known types of attacks as well as those which
will be devised in the future. Special attention is given to support for multi-disciplinary fields, all of with
are connected to the ability to provide a secure environment for online banking.
Whether the attack is directed at the online banking web site or the customer computer, if
it succeeds, the result would be devastating for both the bank and the customer and put the existence of online
banking itself in doubt. Therefore,
is equipped with a variety of functions that serve as means to
the end of enabling effective protection against the different types of attacks.
The diagram shows the major functional components of the
platform that are
designed to provide these functions.
The IDentiWall http gateway performs both the essential low level TCP-IP handshake and
communication services needed by the system, and higher level functions need for security. It acts as session
manager and redirection router. It provides a filtering facility, firewall and mechanisms to defend against
specific security challenges such as denial of service and bogus IP addresses.
Cyber Defender (not shown) is a specific software component that defends against threats such as injection of
OS commands and SQL, cookie tampering and many others.
There are many varied authentication methods, each of which is best suited for a given
situation. Therefore, a special effort was made to support a variety of authentication systems with IDentiWall.
As new authentication methods are developed, IDentiWall will support them as well. Online banking is
characterized by the need to handle large numbers of customers who are not necessarily used to using special
security precautions. This dictates the need to emphasize ease of use and continuous availability of the
One of the parameters IDentiWall uses for estimating risk exposure for a transaction is a
metric of location. In applications that allow data input from different remote locations, IDentiWall collects
information about the location of the customer's computer, location of the cellular telephone handset, of the
credit card and of the customer in the bank web site and the route by which he or she arrived there. IDentiWall
uses sophisticated correlations to apply this information in estimating the effect of location metrics on risk
The verification server ensures that the transaction that is executed is the one intended
by the customer. The frequency of attacks that are based on misdirection of the intended actions of the
e-banking customer grows daily, making the verification server a basic element in creating a secure online
banking environment. The process of verifying customer intentions disables the capacity of the attackers to
achieve their goals. It is executed over two separate communications networks, using a technique that prevents
the attackers from carrying out their plan.
The effectiveness of a security system for online banking requires a means of recording
customer actions. These recordings have numerous uses in post-mortem investigations of security breaches, as
part of the CRM, and in special cases, they may be used for surveillance of suspect customers or transactions.
IDentiWall also supports a playback facility that allows those responsible for security, monitoring and customer
experience to perform an orderly reconstruction of customer actions.
Estimation of the risk engendered by customer actions contributes the ability of IDentiWall
to take into account different factors such as the risk involved in transactions, their location, past
activities and the like, and to set the level of service accordingly. Thus for example, IDentiWall can block or
delay a customer request originating from their fixed computer workstation if their wireless telephone handset
is located in another country. Moreover, IDentiWall can take into account unusual activity such as transfer of
funds to a new account that has no history, highlighting the need for a risk assessment system.
The messaging server handles the basic functions of initiating authentication and
verification messages to the customer via SMS and receiving the replies.
Messages from the bank transmitted by IDentiWall to the customer can be routed through the
Messaging Gateway. The function of the gateway is to ensure that the message actually reaches its intended
destination even in extreme conditions when the SMS server is not providing the requisite quality of service. In
that event, the Messaging Gateway will select a different SMS service vendor from the battery of available
The Investigation Workbench enables execution of digital investigations of issues related
to IDentiWall and the knowledge bases connected to it. Information from the various sources undergoes
correlative analyses, according to a requested sequence, for example, along the time axis, and is displayed to
the to the investigator in clear and readable way. The system also supports specification of automated
investigations that are executed whenever a defined type of incident takes place. IDentiWall automatically
registers the results of the investigation in a digital investigation file and sends an alert with a link to the
file to the appropriate investigator.
IDentiWall is designed to cooperate with other IDentiWall systems through the Syndication
server. Cooperation in a syndicate means that whenever IDentiWall senses that it is the under massive cyber
attack, it informs the syndicate of which it is a member.
In turn, the syndicate checks the policies it must execute upon receipt of the
notification, and activates them.
Examples of this functionality can include:
Sending alerts to other syndicate members to raise the security level by
prohibiting certain activities on their protected web sites.
Total shutdown of all online banking web sites if more than one bank is under
IDentiWall Protects against online Security
Made4Biz IDentiWall provides a robust, scalable, upgradeable
security solution for online financial transactions through the public Internet and virtual private networks.
Its theft-proof authorization mechanism alerts victims and security personnel to ongoing attempts to use stolen identities.
It combats attacks based on phishing, man-in-the-browser software, code injection and other hacker
The heart of the system is an innovative mechanism for
dual-network authentication and verification, taking advantage of customers' wireless telephones to provide a
one-time password for each entry using SMS. This innovation makes possible a system that is easy to use,
requires no new hardware and no changes to banking software or customer computer software.
IDentiWall builds on this functionality to provide a complete
out of the box system that is robust, scalable, maintainable, and ready to meet threats that will emerge with
developing technologies as well as existing ones.
A sophisticated database and policy mechanism make it possible
to use user location, past behavior and other information to optimize the response to attacks. A syndication
mechanism ensures that financial institutions and their IDentiWall systems are alerted to general threats, and
an investigative workbench allows tracking and surveillance.
IDentiWall is ideal for online e-banking, brokerages and
e-shopping. IDentiWall supports a hacking and phishing-proof new e-shopping method.
More about IDentiWall
Meeting the Threat - What security threats face on-line banking
IDentiWall Architecture - This schema will help you understand
what IDentiWall does and how it does it
IDentiWall Technology - This table outlines the sophisticated
technologies underlying IDentiWall
IDentiWall versus Smartcards and Tokens - How does IDentiWall
measure up against other types of solutions?
IDentiWall versus in-house development - Read this before you try
to develop your own system - don't say we didn't warn you!
Articles About IDentiWall
Made4Biz Security announces IDentiWall secure e-Banking
- [June 1, 2008] IDentiWall secure e-banking extends IDentiWall VPN to provide ultimate
security for online financial transactions over the public Internet in an easy to implement, easy to use, robust and
IDentiWall Web mail
IDentiWall Secure e-Banking
IDentiWall versus Do-it-Yourself Security Software
Visit IDentiWall - Secure Online Financial Transactions Web Site