Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


First in NZ to protect against MIM Attacks

Wednesday, 20 September 2006

RaboPlus first retail banking service in NZ able to protect against “Man-in-the-Middle” attacks

RaboPlus is the first banking service in New Zealand able to protect its retail customers against a “Man in the Middle” (MITM) attack using a digital signature in addition to two-factor authentication security measures.

Maarten Kleinjtes, NZ Police Electronic Crime Laboratory Manager, says: “The future will see criminals changing their current methods of attacking internet banking customers and MITM attacks will be the most likely scenario.

“RaboPlus’ digital signature technology will provide a robust protection mechanism against any such attacks,” he says.

A man-in-the-middle attack (MITM) can occur when criminals position themselves between the customer and the bank and are able to read, insert and modify the communication at will without either party knowing that the security between them has been compromised.

RaboPlus General Manager Mike Heath says RaboPlus’ security is one step above that provided by other banks.

“We are using the most advanced systems available so we can assure our customers that their money and their private information is safe,” he says.

RaboPlus’ defense against MITM attacks is to use a host authentication mechanism, using digital signatures, that ensures the customer knows she/he is visiting the real bank site. It means the user’s password cannot be misused by a fraudster hiding behind a fake copy of the bank’s web site. No other bank in New Zealand has the digital signature step in place for its retail customers.

Mr Heath says RaboPlus’ parent company Rabobank invests heavily in internet security which benefits all divisions of the bank globally.

“Rabobank is Europe's largest internet bank and continually invests in state-of-the-art internet security from which RaboPlus customers in New Zealand benefit,” he says.

RaboPlus customers must use two factor authentication (their pin number together with a randomly generated number from their DigiPass) to log-in and thereafter each transaction is signed with a digital signature. The digital signature (also generated by their DigiPass) is used by the bank to verify the transaction to ensure it has not been modified (by criminals) and that it comes from the customer and not from a fraudster in the middle.

All RaboPlus customers are issued with a DigiPass – an internet security token developed by security partner VASCO which must be used in conjunction with a personal identification number (PIN) to access their account. The token generates a new one-time pass code every 36 seconds and, when combined with the user’s PIN, creates a log-in combination that is valid only for that particular user at that moment in time.

Unlike some banks, RaboPlus does not charge customers for the Digipass because it considers this part of the customer service model; in the same way that a customer would not expect to pay a fee for a security guard to stand outside a bank branch.

VASCO’s systems are used by 500 international financial institutions and over 3,000 blue-chip corporations and governments located in more than 100 countries.

The Rabobank Group is the only banking group in New Zealand to have a AAA credit rating from Standard & Poor’s and Moody’s, the highest available - a reflection of the bank’s financial security.

The Rabobank Group has been rated twice (in 2004 and 2005) by Global Finance Magazine as one of the world’s safest banks.


© Scoop Media

Business Headlines | Sci-Tech Headlines


Nurofen Promotion: Reckitt Benckiser To Plead Guilty To Misleading Ads

Reckitt Benckiser (New Zealand) intends to plead guilty to charges of misleading consumers over the way it promoted a range of Nurofen products, the Commerce Commission says. More>>


Half A Billion Accounts: Yahoo Confirms Huge Data Breach

The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. More>>

Rural Branches: Westpac To Close 19 Branches, ANZ Looks At 7

Westpac confirms it will close nineteen branches across the country; ANZ closes its Ngaruawahia branch and is consulting on plans to close six more branches; The bank workers union says many of its members are nervous about their futures and asking ... More>>

Interest Rates: RBNZ's Wheeler Keeps OCR At 2%

Reserve Bank governor Graeme Wheeler kept the official cash rate at 2 percent and said more easing will be needed to get inflation back within the target band. More>>


Half Full: Fonterra Raises Forecast Payout As Global Supply Shrinks

Fonterra Cooperative Group, the dairy processor which will announce annual earnings tomorrow, hiked its forecast payout to farmers by 50 cents per kilogram of milk solids as global supply continues to decline, helping prop up dairy prices. More>>



Meat Trade: Silver Fern Farms Gets Green Light For Shanghai Maling Deal

The government has given the green light for China's Shanghai Maling Aquarius to acquire half of Silver Fern Farms, New Zealand's biggest meat company, with ministers satisfied it will deliver "substantial and identifiable benefit". More>>


Get More From Scoop

Search Scoop  
Powered by Vodafone
NZ independent news