Skip Links

Versafe offers a server-side-only approach to fraud detection and prevention

IT Best Practices Alert By Linda Musthaler, Network World
September 19, 2013 03:22 PM ET
Linda Musthaler
Sign up for this newsletter now!

The CIO-level business angle on the latest tech

Network World - According to an August 2013 Pew Research Center, 51% of U.S. adults now bank online, a modest increase from 46% in 2010. What’s growing more rapidly is the number of mobile banking users. In 2011, 18% of mobile phone users reported they use mobile applications to conduct banking. In the latest study, that figure has nearly doubled to 35%.

This increase in online and mobile banking plays to the strength of Israeli company Versafe. In mid September, Versafe announced general availability of its TotALL Online Fraud Protection Suite in North America. Versafe touts the suite as the only solution able to both detect and protect against fraud, malware and other online threats without any user involvement. (See 50 million users strong, Versafe brings online fraud protection to North America.)

(As I researched and wrote this article, it was announced that Versafe is being acquired by another industry stalwart in online security, F5.)

As online and mobile banking grow more popular with consumers, they invariably will draw more attention from cyber criminals who see them as poorly secured channels—and for good reason. Criminals have become adept at executing bank fraud through online and mobile attack vectors such as man-in-the-browser and session hijacking. This makes financial institutions very nervous. According to a recent survey by Aite Group, 88% of global risk executives at financial institutions believe mobile is the next big point of exposure.

Versafe has two offerings that cover the two digital banking channels: WebSafe is for web-based applications, and MobileSafe takes care of mobile apps. I’ve put these solutions in the context of banking because Versafe is concentrating on this industry at this time, but the tools can work for any web-based or mobile apps. Once F5’s acquisition is complete, Versafe may expand into other industries.

When compared to competitive solutions that protect banking applications, Versafe’s big differentiator is that no software program or agent needs to be downloaded to end users’ devices. Instead, the solutions work at the application layer so anyone who uses the applications is protected. This ensures universal coverage of a particular banking application without any effort from end users.

WebSafe can be deployed using an SDK directly on a web application. If the bank prefers, an integrated technology partner can do the deployment, which involves putting a small bit of code – Versafe calls it “obfuscated polymorphic” code – into the application to be protected. This code does several things that directly combat the way cyber criminals abuse web applications.

One of the main ways criminals trick application users is to spoof a legitimate website in order to gather sensitive information like account numbers, user names and passwords. The criminal sends out a phish message, the target victim is drawn to the spoofed site and gives his credentials, and – wham! – the criminal has all he needs to go empty out the account.

To prevent this from happening, WebSafe code is embedded and hidden within the legitimate application. So, if a criminal copies that application to create a spoofed site, the WebSafe code goes with it. This code detects what has happened and alerts the application owner, who can redirect traffic away from the spoofed site and do a takedown of that site. If end users enter their credentials to the phishing site, because the WebSafe code is also in the spoofed site, it can detect them and identify the specific customers for the application owner so that holds can be placed on their accounts to prevent theft.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News