Is Your Online Bank Really

Secure?

Zoltan Szalai / eBanking Solution Manager April 25, 2013

eBanking Security 2

eBanking Security 3

Gemalto for You ONE THIRD OF THE WORLD’S POPULATION USE OUR SOLUTIONS EVERYDAY

BANKS & RETAIL

TELECOM

TRANSPORT

GOVERNMENT

ENTERPRISE

eBanking Security 4

40

70

200

MILLION ADVANCED DEVICES

MILLION DEVICES

EMPLOYEES

About eBanking

Over €2 BILLION in Revenue in 2012

€250+ MILLION Software and

Value Added Services

BILLION Intelligent Cards Produced and

Personalized on a Yearly Basis

14 R&D Centers

1,400 Scientists

15 Production Sites

28 Presonalization Centers

74 Sales & Marketing Offices

10,000 + Employees

100 Nationalities

43 Countries

About Gemalto

60

25

20%

MILLION IN REVENUE 2012

MILLION IN REVENUE 2009

EXPECTED ANNUAL GROWTH

Business Overview

eBanking Security 5

Gemalto’s Position 2013 MAGIC QUADRANT FOR STRONG AUTHENTICATION FROM GARTNER

As of March, 2013

eBanking Security 6

Gemalto’s Position ICB - “TECHNOLOGY – SOFTWARE” SECTOR TOP 20 COMPANIES

As at March 27, 2013

Company Name Country Revenue (€bn)

1 MICROSOFT UNITED STATES 55.2

2 ORACLE UNITED STATES 27.5

3 SAP GERMANY 16.2

4 CATAMARAN UNITED STATES 7.7

5 SYMANTEC UNITED STATES 4.9

6 VMWARE UNITED STATES 3.6

7 CA UNITED STATES 3.5

8 ADOBE SYSTEMS UNITED STATES 3.4

9 INTUIT UNITED STATES 3.2

10 IT HOLDINGS JAPAN 3.0

11 INVENSYS UK 2.9

12 AMDOCS UK 2.5

13 SALESFORCE.COM UNITED STATES 2.4

14 GEMALTO NETHERLANDS 2.2

15 CERNER UNITED STATES 2.0

eBanking Security 7

Gemalto eBanking References 200+BANKS

eBanking Security 8

Frauds & Mitigation

eBanking Security 9

Attacks are Evolving eBANKING FRAUD IS GETTING MORE AND MORE SOPHISTICATED

WHALING

ID THEFT KEY/SCREEN

LOGGING

PHARMING

PHISHING

MAN-IN-

THE-MIDDLE

MAN-IN-

THE-BROWSER

SHOULDER

SURFING

SOCIAL

ENGINEERING

CROSS CHANNEL

ATTACKS

CONTRACTUAL

FRAUD

RELAY

ATTACK

eBanking Security 10

Phishing Attack

are familiar with phishing

Low to very low knowledge of other attacks Source: RSA Online Fraud Report

Victim

Bank Server

1) Sends fake

“security” email

with fake link

2) Enters secure

information on

fake internet

bank site

Fake Server

3) Obtains account

information

4) Using obtained

account information

on real internet

bank site

eBanking Security 11

Man-in-the-Middle Attack

Victim

Bank Server

Malware Waits for

Transaction and

Modifies Details!!!

eBanking Security 12

Man-in-the-Browser Attack

Website Seen

by the Customer

Website Seen

by the Bank

Malware Changes

Transaction Details

Malware Changes

Balance Information

Malware Inside the Browser

eBanking Security 13

Attacks and Mitigation

TRANSACTION

VERIFICATION

CONTEXTUAL

SIGNING

STATIC

PASSWORDS

TRANSACTION

DATA SIGNING

ONE TIME

PASSWORDS

CHALLENGE /

RESPONSE

WHALING

ID THEFT KEY/SCREEN

LOGGING

PHARMING

PHISHING

MAN-IN-

THE-MIDDLE

MAN-IN-

THE-BROWSER

SHOULDER

SURFING

SOCIAL

ENGINEERING

CROSS CHANNEL

ATTACKS

CONTRACTUAL

FRAUD

RELAY

ATTACK

USER-FRIENDLY MITIGATION OF ALL CURRENT AND FUTURE THREATS

eBanking Security 14

eFrauds in the Region

eBanking Security 15

Ezio Solution

eBanking Security 16

Gemalto Ezio Suite

Ezio Suite is the market’s most versatile

and easy-to-implement

eBanking security solution with a proven

track-record of 100+ large-scale roll-outs.

STRONG E-BANKING AUTHENTICATION ARCHITECTED FOR CHOICE

200+BANKS

ONE

SERVER MULTIPLE

CHANNELS

ALL EZIO

DEVICES WORK IN

PARALLEL

STANDARD

COMPLIANT INCL. OATH,

CAP/EMV, PKI

70m DELIVERED

DEVICES

Token-

Agnostic Appliance

Delivery

eBanking Security 17

Introduction to New Ezio Server

Pre-Hardened All-in-One Box Appliance

Providing Multi-Factor Authentication

Used by 30+ Banks &

Millions of Users

R&D and Produced in Singapore

eBanking Security 18

Advantages of Ezio Server

Multi-Million User

Deployment

Token Agnostic

Authentication Brokering

Thousand Transactions per Second

Multi-Token Support per

User

End-to-End Encryption of Passwords

Supports Global

Standards

eBanking Security 19

Ezio Devices

EZIO SHIELD PRO

EZIO EDGE

EZIO CLUB EZIO THIN

EZIO SERVER EZIO TOOLKIT

EZIO onCARD PAD EZIO LAVA EZIO PICO

EZIO

PC USB-TR EZIO PKI CARD EZIO CLASSIC CLIENT

EZIO bySMS EZIO MOBILE SDK EZIO MOBILE TOKEN

EZIO onCARD

EZIO SHIELD TALK

EZIO

PLUG & SIGN

eBanking Security 20

Evolution is Leading to Mobile

eBanking Security 21

Day-to-Day eBanking is Partially Transiting to Mobile

Find Nearest Branch /

ATM

Block Lost/Stolen

Card

Check Balance

View Transaction

History

Make Money Transfer

eBanking Security 22

Ezio Mobile Solutions

Access Bank with Web Browser

Protected by Mobile Token

Access Bank with Native Application

Protected by Mobile SDK

eBanking Security 23

Ezio Mobile SDK

OTP Computation

Smartphone Support

Secure Storage

Secure Personalization

Security Expertise

Device Fingerprint

Easy to Integrate API

Future Proof

eBanking Security 24

Ezio Mobile Token

OTP Computation

Smartphone Support

Customizable

Based on Ezio SDK

eBanking Security 25

Summary

eBanking Security 26

Why EZIOTM

from Gemalto?

Global Presence – Local Touch

All-in-One Physical Appliance

Wide Range of Security Devices

Most Secure Mobile Solution Available Today

Thank You!

Zoltan Szalai / eBanking Solution Manager April 25, 2013