B-CERB complete protection against phishing copyright 2008 by Wheel.


Page 2:

Various methods of authentication available on the market

Page 3:

According to Accenture research

Page 4:

We notice an increasing popularity of token-based solutions which are relying on mobile phones, and we anticipate that 50 per cent of the future market of two-component authentication will be using this form of protection.

Dr. Allan, market research vice-president, Gartner


Information from the market

Page 5:

Wheel’s answer!

B-CERB, an authentication and authorization system using the mobile phone as one of the methods for login and confirmation of transactions

The only protection this effective against phishing!

Page 6:

CERBToken, functionality

Login to the bank (one time passwords)

Verification of the identity (challenge - response)

Confirmation of transactions (challenge - response)

Page 7:

Download, installation, activation

+48 600 000 123

CERBToken

Activation code

BANK

Page 8:

Login

Login to your account

User name

Password

John Kowalsky

46914026

login

Page 9:

Transfer confirmation

Data transfer

Recipient name

Address

Address

Account number

Amount

confirm

Transfer confirmation

confirm

Operation code: 3 8 7 0 5 0 0 0 7

Confirmation code:

Your transfer has been accepted!

John Kowalsky

Akacjowa Street

Warsaw

43 0000 0000 0000 0043

1000,00

387050007

84659281

Page 10:

Verification of the bank’s customer identity

204270

790549

The bank calls the customer and asks for generation of verification codes

BANK

Page 11:

CERBToken for BlackBerry

CERBToken for Windows Mobile

CERBToken for Java Mobile

CERBToken – an ultimate method of authentication in CERB

CERBToken for iPhone

now in AppStore!

Page 12:

CERB is not only the CERBToken! We also offer other modules of authentication:

SMSToken, scratch-off cards, e-mail, other

equipment tokens of third parties

Page 13:

[Diagram labels: BANK; “office”; IVR; web; call center; other; product I; product II; product III; JavaToken; password; ...]

The same customer – multiple channels of access to products

Page 14:

One customer

Different authentication methods

Different channels of access

Access to different products

The same customer – multiple channels of access to products

Page 15:

[Diagram labels: Bank system; e-Banking; m-Banking; Database; CERB; “office”; Call center; IVR; CERBToken generation server; CERB API; CERBToken distribution server; WEB GUI; INTERNET / GSM; GSM broker; JA API]

System infrastructure – complete system

Page 16:

[Diagram labels: Bank system; e-Banking; m-Banking; Database; “office”; Call center; IVR; CERBToken generation server; CERB engine; CERBToken distribution server; WEB GUI; INTERNET / GSM; GSM broker; JA API]

System infrastructure – engine

Page 17:

Security. Application.

secure installation (activation code)

protection against brute force attack (non-verifiable PIN)

protection against copying the application to another phone

protection against overwriting of the application

possibility of password configuration

challenge – response personalization

Page 18:

Security. System.

protection against theft of logins, static passwords and hidden passwords (one-time passwords)

protection against theft of the password to a digital signature (challenge – response)

protection against interference in the work of the OS (challenge – response)

protection against phishing

protection against “man in the middle” attack

protection against trojans

Page 19:

Furthermore…

very competitive price

no logistics cost (no hardware tokens, no TAN cards, etc.)

price in Polish zloty

high usability

great marketing argument: the only protection this effective against phishing

another argument: very innovative solution

Wheel is a Polish company (we can modify the system according to your expectations).

Page 20:

CERB system, total cost of using

CERB system maintenance costs, increasingly

year-round support

logistics costs (only the cost of SMS’s)

no costs in case of lost applications

no costs of application renewal

Maintenance costs of a system based on equipment tokens, increasingly

year-round support

logistics costs (delivery of devices)

costs of lost devices (lost, broken - usually around 10%)

costs of devices renewal (usually after every 3 years)

comparison of total costs after 5 consecutive years of using for 50.000 users

Page 21:

CERB system, our references

Page 22:

Thank You.

Time for questions.

copyright 2009 by Wheel, contact: [email protected]