A system developed in cooperation with Warsaw University of Technology.
Financial institutions run one of the most valuable resources: millions of bank accounts with the deposited money. Online banking makes customers’ lives easier, however, simultaneously it attracts hackers to attempt to crack the protections so as to intercept client savings. While online banking infrastructure is supervised by qualified IT security specialists, individual customers frequently remain unaware of the cyber-crime threats. Hence hackers focus on the easier target, exploiting software loopholes, unfamiliarity with IT security, and user carelessness to take control of their PCs or mobile devices.
ONLINE FRAUD PROTECTOR CONSISTS OF 4 MAIN COMPONENTS:
- 1. Proxy server software responsible for adding code regarding configuration functionality to the back-end server application website content
- 2. Attack analysis, template learning, detection of fraudulent transactions and attempted attacks, sending alert events to operator’s console or to SIEM system
- 3. The script injected into the given protected application websites
- 4. Operator’s console for event handling and rule configuration
The Online Fraud Protector from STM Cyber has been developed to bridge the security gap in communication between the Client’s browser and the web application. It provides protection against attacks aimed at: phishing (i.e. theft of user names and passwords for the banking application), stealing money by replacing the target bank account number through the use of malware (web-injects) added to the website in the browser memory, or intercepting data by using spying software, so-called sniffers.
BENEFITS OF USING ONLINE FRAUD PROTECTOR
- Detection of all attacks consisting in modifying the web application in src.php browser memory src.php browser memory
- No possibility to use scripts to install malicious code on the target device
- Protection against attacks irrespective of the browser or the OS platform
- No modifications to the protected application
- Protective mechanism implemented without engaging the Client
- Access to data exchange platform dedicated to EndFrag threats and attacks