As man-in-the-browser attacks continue to siphon funds from unsuspecting businesses and consumers, Entrust delivers a new authentication method for smartphones.
Entrust IdentityGuard Mobile is a software-based, one-time-passcode authentication application that is designed to operate with today’s leading smartphone platforms, including the Apple iPhone, RIM BlackBerry, Microsoft Windows Mobile and Symbian (Java).
Not exclusive to banking environments, Entrust IdentityGuard Mobile may also be used with Entrust IdentityGuard to provide strong authentication for enterprise use, remote access or government initiatives. The application can manage multiple identities on a single device, making it one of the most versatile and easy-to-use soft tokens available on the market today.
Entrust offers three capabilities for thwarting attacks man-in-the-browser malware: behavioral and transactional fraud detection; SMS authentication with transaction details; and mobile out-of-band transaction verification and signature.
“Man-in-the-browser attacks are a very real threat that financial institutions — both large and small — should proactively defend against to safeguard their business and customers,” said TowerGroup senior research director George Tubin. “While there are several ways to address this malware trend, financial institutions will initially deploy one or more solutions to their customers on voluntary basis. Financial institutions that are early to market with customer-oriented solutions will be viewed favorably by an increasingly skeptical, and vulnerable, customer base.”
Leveraging standards-based technology and without requiring any specialized hardware, Entrust IdentityGuard Mobile provides one-time-passcode authentication in combination with seamless out-of-band delivery of transaction details. This combination helps defend against man-in-the-browser malware — efficiently and without user inconvenience.
This new authenticator is designed to help defeat man-in-the-browser attacks by providing transaction details instantly to users for review and confirmation from within the authentication application — all in a straightforward manner that doesn’t require the use of external delivery services, such as SMS. Helpful options include the ability to store and save transaction history, as well as enabling deploying organizations to easily incorporate their brand into the application.