Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


First in NZ to protect against MIM Attacks

Wednesday, 20 September 2006

RaboPlus first retail banking service in NZ able to protect against “Man-in-the-Middle” attacks

RaboPlus is the first banking service in New Zealand able to protect its retail customers against a “Man in the Middle” (MITM) attack using a digital signature in addition to two-factor authentication security measures.

Maarten Kleinjtes, NZ Police Electronic Crime Laboratory Manager, says: “The future will see criminals changing their current methods of attacking internet banking customers and MITM attacks will be the most likely scenario.

“RaboPlus’ digital signature technology will provide a robust protection mechanism against any such attacks,” he says.

A man-in-the-middle attack (MITM) can occur when criminals position themselves between the customer and the bank and are able to read, insert and modify the communication at will without either party knowing that the security between them has been compromised.

RaboPlus General Manager Mike Heath says RaboPlus’ security is one step above that provided by other banks.

“We are using the most advanced systems available so we can assure our customers that their money and their private information is safe,” he says.

RaboPlus’ defense against MITM attacks is to use a host authentication mechanism, using digital signatures, that ensures the customer knows she/he is visiting the real bank site. It means the user’s password cannot be misused by a fraudster hiding behind a fake copy of the bank’s web site. No other bank in New Zealand has the digital signature step in place for its retail customers.

Mr Heath says RaboPlus’ parent company Rabobank invests heavily in internet security which benefits all divisions of the bank globally.

“Rabobank is Europe's largest internet bank and continually invests in state-of-the-art internet security from which RaboPlus customers in New Zealand benefit,” he says.

RaboPlus customers must use two factor authentication (their pin number together with a randomly generated number from their DigiPass) to log-in and thereafter each transaction is signed with a digital signature. The digital signature (also generated by their DigiPass) is used by the bank to verify the transaction to ensure it has not been modified (by criminals) and that it comes from the customer and not from a fraudster in the middle.

All RaboPlus customers are issued with a DigiPass – an internet security token developed by security partner VASCO which must be used in conjunction with a personal identification number (PIN) to access their account. The token generates a new one-time pass code every 36 seconds and, when combined with the user’s PIN, creates a log-in combination that is valid only for that particular user at that moment in time.

Unlike some banks, RaboPlus does not charge customers for the Digipass because it considers this part of the customer service model; in the same way that a customer would not expect to pay a fee for a security guard to stand outside a bank branch.

VASCO’s systems are used by 500 international financial institutions and over 3,000 blue-chip corporations and governments located in more than 100 countries.

The Rabobank Group is the only banking group in New Zealand to have a AAA credit rating from Standard & Poor’s and Moody’s, the highest available - a reflection of the bank’s financial security.

The Rabobank Group has been rated twice (in 2004 and 2005) by Global Finance Magazine as one of the world’s safest banks.


© Scoop Media

Business Headlines | Sci-Tech Headlines


CO2 And Water: Fonterra's Environment Plans

Federated Farmers support Fonterra’s bold push to get to zero emissions of CO2 on the manufacturing side of the Co-operative, both in New Zealand and across its global network. More>>


Fisheries: Decision To Delay Monitoring ‘Fatally Flawed’

Conservation group representatives say a decision by the new Minister of Fisheries, Stuart Nash, to delay implementation of camera monitoring of fishing efforts in New Zealand is ‘fatally flawed’. More>>


Kaikōura Quakes: One Year On

State Highway One and the railway were blocked by damage and slips and the Inland Road suffered significant damage. Farms, homes and businesses suffered building and land damage. Power and internet went down, drinking water systems, sewage systems and local roads were all badly affected... More>>