Secure transaction technology developed by Cambridge spin out
1 min read
Cambridge University spin out Cronto has developed a security solution which it says protects online banking customers against 'man in the browser' attacks from Trojan malware.
Cronto's solution uses a visual channel to transfer data securely from the bank to the customer. The bank generates a proprietary 2d barcode containing the relevant data, which is decoded by the customer using Cronto's mobile application or a standalone hardware device. According to Cronto, the technology provides a secure 'envelope' around the data, which means that, while the Trojan can see the image being sent by the bank, it cannot change the secure data inside.
Cronto says that, in 2012, the Eurograbber Trojan transferred more than €36million from unsuspecting banking customers into other accounts. Igor Drokov, Cronto's ceo, says online banking security has to go beyond identifying who a customer is, whether via a password, the street they grew up on or the name of their pet. "To combat the level of sophistication poised by Trojan malware, the bank also needs to verify the action that the customer is trying to perform, whether it's a purchase, a transfer or a change of address."
Using the application or hardware device, the customer scans the image sent from their bank. Providing the security conditions are met, the customer will see the message. To confirm the transaction, the customer enters a six digit code generated by the app or device into their browser, which validates the transaction.