Defender of the faith
Australian fraud risk management company TrustDefender launched a couple of products in the UK today that are designed to further protect us when performing supposedly secure financial transactions online.
TrustDefender Zero claims to instantly detect if someone's personal details have been stolen and are being used, using device and page fingerprinting techniques that don't even require the end-user to install any software. TrustDefender Central Intelligence Server is a server-level solution.
The company is in the middle of a phase of international expansion, having grown rapidly in Oz. Its customers are primarily financial services providers - with one set to go live with Trust Defender next month - but in principle any company that wants to have secure online transactions with its customers should be interested.
We spoke to CEO Ted Egan, and he explained that authentication (passwords, etc) and security are quite distinct things. You could have a trojan lurking on your PC or mobile device that would not be detected by the authentication process and enable the bad guys to do their thing after you've logged on. Often trojans have a window of opportunity of a week or two before general security software is updated to tackle them.
"The page fingerprinting protects against any ‘Man-In-The-Browser' trojan without the need for blacklists or signature updates and without the need for a download," said TrustDefender CTO Andreas Baumhof. "The combined fraud risk management part integrates this into a holistic picture. Today's malware is smart and just detecting a malware without the fraud risk component worked yesterday, but won't tomorrow."
In essence, this is an enterprise product that addresses a perceived weakspot in the fraud and malware protection by online transactions. Many Australian companies seem to have come to the conclusion this is a necessary thing, and now TrustDefender is betting the rest of the world will follow suit.