What do the security modules commonly used on bank sites do?

7

Most banks offer some kind of security module that acts on the client side for access to internet banking websites. Usually they are done in Java and they are usually very annoying to install.

What exactly do they do at the technical level? What are they protecting against? If there is a threat that they protect against, why isn't this used on all sites and, eventually, embedded in all browsers? Why use Java instead of, for example, a browser extension?

    
asked by anonymous 06.06.2014 / 18:45

1 answer

10

About two years ago I had problems with the Banco do Brasil Security Module and I did some research on the subject. I should note up front that I am not a security expert, nor am I aware of the internal workings of this software.

What are the Security Modules

Each bank has a solution, so I will limit my response to Banco do Brasil.

According to the bank's own reference:

  

The Security Module is a protection system that, during the execution of electronic transactions, acts as a shield for your computer against malicious attacks on the Internet.

In theory, a security module is like a mini-antivirus and antispyware that protects the bank from fraud.

The supplier

According to some sources (see this), the company that provides the technology and software for both BB and Caixa is Gas Tecnologia.

The product

The site of this company announces the anti-fraud solution for e-banking as "a solution that structures a shielded and specialized virtual environment with the necessary requirements for conducting financial transactions through the Internet channel".

Some of the features presented are:

Strong Device Identification and Authentication System

At least in BB, you need to register each computer from where you want to access the bank's website.

However, I usually use a virtual machine to access my account. I once copied this image to another computer and the access stopped working. Looking at what happened, I realized that I had to configure the network card of the new virtual machine with the same MAC address as the previous VM.

Analysis by irrigation model of user behavior and end-point in the Web channel and in multiple channels (ATM, URA, Mobile Banking)

It may check whether someone is actually clicking the buttons or whether a "robot" is accessing the bank.

Differentiated Service based on Knowledge Systematized through tools and processes for risk analysis and fraud detection

Probably the software tries to identify strange user or process behavior on the computer.

The solution has a direct effect on the channel's weaknesses and vulnerabilities that allow fraud and privacy violation on the operator

The tool should attempt to treat known vulnerabilities in the operating system or browsers, for example.

Audit Trail Generation

The system must log user activities on the bank's website. This would make it possible to identify the perpetrator of online fraud.

Able to prevent mass attacks on Web services

The tool should prevent fast access to services, avoiding Denial of Service attacks.

Controversy

Several users denounce this module as a type of virus or malware.

Personally, I had a similar impression. A few years ago my computer showed periods of Internet access instability and slowness (99% CPU) after installing the BB Security Module. This was one of the reasons I decided to use VMs.

After the module is installed on a computer, the user cannot close or remove it. The behavior is similar to that of malware that runs multiple processes: you close one of the processes and it reopens automatically.

    
06.06.2014 / 19:49
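
An added example, not part of the answer and not the bank's or the vendor's code: one way a device-registration check could produce the behaviour observed above, where a copied VM was rejected until its MAC address matched the original. The attribute names, the server key, the account name and all values are constructed assumptions.

```python
import hashlib
import hmac

# Constructed server-side secret; an assumption for this example only.
SERVER_KEY = b"constructed-demo-key"

def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def device_id(attrs: dict) -> str:
    """Keyed fingerprint over the attributes a (hypothetical) module reports."""
    material = "|".join([normalize_mac(attrs["mac"]), attrs["disk_serial"], attrs["os"]])
    return hmac.new(SERVER_KEY, material.encode(), hashlib.sha256).hexdigest()

class DeviceRegistry:
    """Server-side set of device IDs registered per account."""
    def __init__(self):
        self._registered = {}

    def register(self, account, attrs):
        self._registered.setdefault(account, set()).add(device_id(attrs))

    def is_registered(self, account, attrs):
        candidate = device_id(attrs)
        return any(hmac.compare_digest(candidate, known)
                   for known in self._registered.get(account, ()))

# Constructed sample data: the original VM, a copy that received a new virtual
# NIC, and the same copy after its MAC was set back to the original value.
ORIGINAL_VM = {"mac": "08:00:27:AA:BB:01", "disk_serial": "VB-demo-0001", "os": "linux"}
COPIED_VM = dict(ORIGINAL_VM, mac="08:00:27:CC:DD:02")
COPY_SAME_MAC = dict(COPIED_VM, mac="08-00-27-aa-bb-01")

def demo():
    registry = DeviceRegistry()
    registry.register("acct-1", ORIGINAL_VM)
    return {name: registry.is_registered("acct-1", attrs)
            for name, attrs in [("original", ORIGINAL_VM),
                                ("copy_new_mac", COPIED_VM),
                                ("copy_same_mac", COPY_SAME_MAC)]}

if __name__ == "__main__":
    print(demo())
```

The third result is the point for a defender: an attribute the user can set, such as a MAC address, identifies a device but does not authenticate it, so a registration check of this kind cannot be the only control.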