Wednesday, April 24, 2013

Banking on a barcode

If you are a private investor engaged in online trading and banking, having a Trojan attack your PC and whisk your personal financial details off into the nether regions of the internet is a rather horrid experience.

Fortunately, some rather clever chaps at Cambridge University spin-out Cronto (Cambridge, UK) have now developed a system called CrontoSign to address this issue -- a data security solution that makes use of nothing less than a two-dimensional barcode.

In use, a bank generates the proprietary two-dimensional barcode -- a matrix of colored dots containing a cryptographically-encoded message -- and then sends it to a customer. The code is then decoded by the customer using an app running on a handheld device such as a cell phone or on dedicated hardware supplied by the company.

The barcode provides a secure "envelope" around the data so that it can be displayed to the customer over any unsecured channel. So although a Trojan might see the image being sent by the bank, it cannot change the secure data inside.

Two German banks -- comdirect bank and Commerzbank -- have already rolled out the system, which is known in Germany as photoTAN.

Customers can now scan a photoTAN image displayed on the banks' websites using the photoTAN mobile app or dedicated photoTAN hardware device. A customer then sees the message from their bank, which typically asks them to confirm the action they are attempting to perform.


To confirm the transaction, the customer uses a six-digit code, generated by the app or device, and enters it into the browser on their PC. The code acts as the customer's signature for a specific instruction, and once received and validated by the bank's server, completes the transaction.
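The flow described above can be sketched as follows. This is an added example, not Cronto's code: the CrontoSign scheme is proprietary and is not described in this post, so HMAC-SHA256 with a per-customer key shared at enrolment is assumed as a stand-in, and every function name and the message format are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: a per-customer key shared by bank and device at enrolment.
DEVICE_KEY = secrets.token_bytes(32)

def _mac(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

def bank_make_envelope(key: bytes, transaction: dict) -> dict:
    """Bank side: the payload that would be rendered as the barcode."""
    body = json.dumps({"tx": transaction, "nonce": secrets.token_hex(8)},
                      sort_keys=True).encode()
    return {"body": body.hex(), "tag": _mac(key, b"envelope", body).hex()}

def signing_code(key: bytes, body: bytes) -> str:
    """Six-digit code bound to this exact transaction and nonce."""
    digest = _mac(key, b"confirm", body)
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

def device_scan(key: bytes, envelope: dict):
    """Device side: verify the envelope, return (message, code) or None."""
    body = bytes.fromhex(envelope["body"])
    tag = bytes.fromhex(envelope["tag"])
    if not hmac.compare_digest(tag, _mac(key, b"envelope", body)):
        return None  # data was altered after the bank issued it
    tx = json.loads(body)["tx"]
    return f"Pay {tx['amount']} to {tx['payee']}?", signing_code(key, body)

def bank_validate(key: bytes, envelope_sent: dict, code: str) -> bool:
    """Bank side: check the code against the envelope it actually issued."""
    expected = signing_code(key, bytes.fromhex(envelope_sent["body"]))
    return hmac.compare_digest(expected, code)

def tamper(envelope: dict, payee: str) -> dict:
    """Constructed test input: the payee is rewritten on the unsecured channel."""
    doc = json.loads(bytes.fromhex(envelope["body"]))
    doc["tx"]["payee"] = payee
    return {"body": json.dumps(doc, sort_keys=True).encode().hex(),
            "tag": envelope["tag"]}
```

Because the device shows the payee and amount taken from the verified envelope, not from the PC's browser, the customer confirms what the bank will actually execute.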

While Cronto is currently focused on the online banking sector, the company also sees commercial possibilities for the system in e-commerce, peer-to-peer online payments, or any other application where there is a need to create a trusted connection between two parties.

You can read more about the CrontoSign system here. A video demonstrating the system is also available on YouTube in German here.
