Entrust Stops Man-in-the-Browser Malware
Man-in-the-browser malware — such as Zeus or Zbot — is the latest critical threat that is actively defrauding consumers, business banking and financial institutions. Innocent organizations are being targeted, resulting in large losses and legal action against banks.
Unfortunately, traditional security methods — antivirus protection, strong authentication and legacy fraud detection — are not effective against man-in-the-browser attacks, including Zeus and Zbot. And current solutions that can address the problem tend to be expensive, hard to use and difficult to deploy.
Entrust is the only vendor that currently offers three distinct and highly effective methods of addressing man-in-the-browser attacks — fraud monitoring of user behavior; SMS with transaction details; and out-of-band transaction verification and signature techniques on a mobile application.
The latter of the three is made possible by the latest Entrust IdentityGuard tool. Leveraging standards-based, out-of-band techniques, and without requiring any specialized hardware, Entrust IdentityGuard Mobile is the only mobile authentication method on the market that addresses man-in-the-browser malware threats — effectively and without user inconvenience.
Fraud Monitoring of User Behavior
The Entrust TransactionGuard fraud detection solution enables organizations to seamlessly monitor user behavior for transactions, account access and more. This real-time approach has been proven effective for stopping Zeus and Zbot MITB malware — all in a way that is invisible to the end-user.
Out-of-Band Transaction Verification
Leveraging a user’s existing device (e.g., mobile phone, smart phone), Entrust can verify online transactions via out-of-band SMS communication. This convenient, cost-effective approach takes advantage of existing user devices to defeat MITB malware.
Mobile Transaction Verification & Signature
The most convenient, easy-to-use strong authentication method available today, Entrust IdentityGuard Mobile enables out-of-band transaction verification, OATH-compliant signatures and even a method to immediately report suspicious account behavior. The end-user isn’t forced to enter any data within the smartphone application, only a straightforward Web confirmation code to complete the transaction.