Protection of Private Data

When a service (such as e-banking) provides remote access to private data, it is necessary to eliminate the risk that someone could abuse the service to gain unauthorized access to another person's data. This risk can be minimized by securely verifying the user's identity, which is a prerequisite for using the service. The user (client) has to prove that he or she actually is who he or she claims to be (i.e. a registered client authorized to use the service).
Another risk is the possibility of faking the identity of the other party (here, the service provider). For instance, after a successful attack against web pages, the client may think he or she is communicating with a trustworthy counter-party and send confidential data (such as a login password, account number, etc.) to the attacker's server. The data are then disclosed and can be abused. However, if the client can securely verify the other party's identity, the risk can be minimized.
To make the protection of private data complete, it is also necessary to protect the data during transmission between the communicating partners (e.g. between the client and the bank). If the communication technology in use allows it, it is recommended to protect the transmitted data by encryption.

Request Authorization and Protection of Sent Message Integrity

When a client submits a transaction, it is advisable to protect its original contents against modification. For instance, changing the number of the receiving account in a submitted payment order would allow stealing money from the client's account. The protection of transaction integrity is especially important for services that cannot use encryption for technical reasons (IVR and some others).
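The following sketch is an added example, not part of the original page: it shows one way to detect a changed receiving account in a payment order that is sent unencrypted. It assumes an HMAC-SHA256 tag computed with a secret shared by client and bank; the page does not name this technique, and the key, field names and account numbers are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption): in practice a per-client secret
# provisioned out of band and never sent with the order.
CLIENT_KEY = b"constructed-demo-key-0123456789abcdef"

# Hypothetical field set for a payment order.
FIELDS = ("from_account", "to_account", "amount", "currency")


def canonical(order: dict) -> bytes:
    """Encode the order unambiguously: fixed field order, each value
    length-prefixed so digits cannot be shifted between adjacent fields."""
    out = bytearray()
    for name in FIELDS:
        value = str(order[name]).encode("utf-8")
        out += len(value).to_bytes(4, "big") + value
    return bytes(out)


def authorize(order: dict, key: bytes) -> str:
    """Client side: compute the authorization tag sent along with the order."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify(order: dict, tag: str, key: bytes) -> bool:
    """Server side: recompute the tag and compare in constant time."""
    expected = authorize(order, key).encode("utf-8")
    return hmac.compare_digest(expected, tag.encode("utf-8"))


def demo():
    """Return (original accepted?, tampered accepted?)."""
    order = {"from_account": "1000200030", "to_account": "4000500060",
             "amount": "1500.00", "currency": "EUR"}
    tag = authorize(order, CLIENT_KEY)
    # The order is readable in transit; only the receiving account is changed.
    tampered = dict(order, to_account="9999999999")
    return verify(order, tag, CLIENT_KEY), verify(tampered, tag, CLIENT_KEY)


if __name__ == "__main__":
    print(demo())
```

The tag protects integrity only: the order itself remains readable in transit, which matches the case of a channel that cannot be encrypted.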

Security Solutions

Different security technologies can be used to provide the above-mentioned security features; each of them is suitable for a certain method of communication.
Commonly used security technologies include: