Protection of private data
When any service (such as e-banking) provides remote access to private data, it is necessary
to eliminate the risk that someone could abuse the service to gain unauthorized access to another
party's data. This risk can be minimized by secure verification of the user's identity, which
is a prerequisite for using the service. The user (client) has to prove that he or she is actually
who he or she claims to be (i.e., a registered client authorized to use the service).
Another risk is represented by the possibility of faking the identity of the other party
(here, the service provider). For instance, in the case of a successful attack against a website,
the client may think he or she is communicating with a trustworthy counterpart and send
confidential data (such as his or her login password, account number, etc.) to the attacker's
server. Of course, the data are then disclosed and can be abused. However, if the client can
securely verify the other party's identity, the risk can be minimized.
To make the security of private data complete, it is also necessary to ensure their protection
during transmission between the communicating parties (e.g., between the client and the bank). If
allowed by the communication technology used, it is recommended that the transmitted data be
protected by encryption.

Request authorization and protection of sent message integrity
When a client submits a transaction, it is advisable to protect its original contents against
modification. For instance, changing the number of the receiving account in a submitted payment
order would allow the theft of money from the client's account. The protection of transaction
integrity is especially important with services that do not allow encryption due to technical
reasons (IVR and some others).
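
The following is an added example, not part of the original page: it shows one way to bind an authorization code to the full contents of a payment order so that a changed receiving account is rejected. HMAC-SHA-256, the shared key, the field names and the sample values are assumptions chosen for the illustration; the page does not name a specific mechanism.

```python
import hashlib
import hmac

def naive(order: dict) -> bytes:
    """Ambiguous encoding: values joined with no field boundaries."""
    return "".join(str(order[k]) for k in sorted(order)).encode("utf-8")

def canonical(order: dict) -> bytes:
    """Unambiguous encoding: sorted field names, with every name and value
    length-prefixed so digits cannot shift from one field into another."""
    out = bytearray()
    for name in sorted(order):
        for part in (name, str(order[name])):
            raw = part.encode("utf-8")
            out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)

def authorize(key: bytes, order: dict) -> str:
    """Client side: authorization code computed over the whole order."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()

def verify(key: bytes, order: dict, code: str) -> bool:
    """Service side: recompute the code and compare in constant time."""
    expected = authorize(key, order).encode("ascii")
    return hmac.compare_digest(expected, code.encode("utf-8"))

# Constructed sample data (key and account numbers are made up).
KEY = b"constructed-demo-key"
ORDER = {"from_account": "1000001", "to_account": "2000002",
         "amount": "150.00", "currency": "EUR"}
# Two different orders whose values concatenate to the same string "34512".
ORDER_A = {"amount": "345", "to_account": "12"}
ORDER_B = {"amount": "34", "to_account": "512"}

def demo() -> dict:
    code = authorize(KEY, ORDER)
    modified = dict(ORDER, to_account="9999999")  # receiving account changed
    return {
        "original_accepted": verify(KEY, ORDER, code),
        "modified_accepted": verify(KEY, modified, code),
        "naive_collides": naive(ORDER_A) == naive(ORDER_B),
        "canonical_collides": canonical(ORDER_A) == canonical(ORDER_B),
    }

if __name__ == "__main__":
    print(demo())
```

The length-prefixed encoding matters as much as the code itself: if the fields are simply concatenated, two different orders can produce the same input and therefore the same authorization code.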

Security solutions
It is possible to use different security technologies to ensure the above-mentioned security
features; each of these technologies is suitable for a certain method of communication.
Commonly used security technologies include: