Most banks offer some kind of security module that acts on the client side for access to internet banking websites. Usually they are done in Java and they are usually very annoying to install.
What exactly do they do at the technical level? What are they protecting against? If there is a threat that they protect, why is not this used on all sites and finally comes embedded in all browsers? Why use Java instead of, for example, a browser extension?
About two years ago I had problems with the Bank of Brazil Security Module and I did some research on the subject. I already notice that I am not a security expert, nor am I aware of the internal workings of these software.
Each bank has a solution, so I will limit my response to Banco do Brasil.
Second bank reference itself :
The Security Module is a protection system that, during the execution of electronic transactions, acts as a shield for your computer against malicious attacks on the Internet.
In theory, a security module is like a mini-antivirus and antispyware that protects the bank from fraud.
According to some sources ( see this ) the company that provides the technology and software for both BB and Caixa is Gas Tecnologia . p>
The site of this company announces the anti-fraud solution for e-banking as" a solution that structures a shielded and specialized virtual environment with the necessary requirements for conducting financial transactions through the Internet channel " .
Some of the features presented are:
At least in BB, you need to register each computer from where you want to access the bank's website.
However, I usually use a virtual machine to access my account. I once copied this image to another computer and the access stopped working. Looking at what happened, I realized that I had to configure the network card of the new virtual machine with the same MAC address as the previous VM.
It may be checked if someone actually clicks the buttons or if there is a "robot" accessing the bank.
Probably the software tries to identify strange user or process behavior on the computer.
The tool should attempt to treat known vulnerabilities in the operating system or browsers, for example.
The system must log user activities on the bank's website. This would make it possible to identify the perpetrator of online fraud.
The tool should prevent fast access to services, avoiding Denial of Service Attacks .
Several users denounce this module as a type of virus or malware .
Particularly, I had a similar impression. A few years ago my computer showed periods of Internet access instability and slowness (99% CPU) after installing the BB Security Module. This was one of the reasons I decided to use VMs.
After the module is installed on a computer, the user can not close or remove it. The behavior is similar to those malwares that place multiple processes. You close one of the processes and it reopens automatically.
