First Data Selects IronKey to Help Clients Prevent Online Banking Fraud

July 31, 2011

New Solution Helps to Protect Customers and Offers Financial Institutions Competitive Advantage

SUNNYVALE, CA--(Aug 1, 2011) - First Data Corporation, a global leader in electronic commerce and payment processing, will refer clients of the First Data Internet Banking solution to IronKey's Trusted Access as an option to help them protect their customers from potential attacks by criminals on an online banking user's PC.

IronKey Trusted Access is a secure browsing solution that financial institutions provide to their Internet banking customers. Trusted Access helps to avert criminal attacks that use malicious software such as ZeuS, SpyEye, Sunspot, and OddJob, as well as new threats that continue to evolve. According to research firm Gartner Inc., crimeware designed to take over online banking accounts and steal money is now the most significant threat concerning U.S. banks. [1]

Trusted Access will assist First Data clients who choose the service in meeting Federal Financial Institutions Examination Council (FFIEC) guidelines for new online security controls. Trusted Access is a fraud prevention solution that may be implemented as part of a financial institution's layered security program, which is required by the FFIEC's new Internet authentication guidelines. Financial institutions will be evaluated under these new guidelines beginning in January 2012.

"Online account takeovers and fraud are significant concerns for financial institutions today," said Cindi Lieblich, vice president of Product Development for First Data. "Because Internet banking fraud often starts with an attack on the account holders' PCs, regulators and industry experts recommend that financial institutions protect Internet banking sessions with layered security controls. With IronKey Trusted Access, the First Data Internet Banking solution offers an additional layer of fraud protection using industry-leading technology that enables our clients to further differentiate their product offerings and capture new business."

IronKey Trusted Access is an intelligent security software and Internet security service that is easy to use. Trusted Access provides a secure Web browser protected in a fully virtualized, read-only environment tailored to protect online banking sessions from known and unknown crimeware. Even if a computer is infected with malware, the online banking session should remain safe, secure, and private. Unlike other approaches, Trusted Access assumes a client's computer is infected with the latest zero-day attack that would go undetected by anti-virus and other software technologies. The IronKey solution includes the Trusted Access USB security device, which launches a protected, virtualized operating system and Web browser that only works with the IronKey Trusted Network and, when deployed, limits the end user's online access to bank-approved sites.

"IronKey is excited to have Trusted Access offered as a part of the First Data Internet Banking solution and to provide customers with the latest fraud protection, secure browsing, and compliance technology. With today's criminal attacks, financial institutions must start with the assumption that their customers' computers are infected with crimeware. That's why NACHA, FBI, and FFIEC are recommending financial institutions provide security options like IronKey," said IronKey CEO Arthur Wong. "IronKey Trusted Access can help First Data's clients meet their compliance obligations and deliver a safer environment for their customers' online banking sessions."

Trusted Access is designed to protect online banking sessions from keyboard logger, man-in-the-browser, 'backconnect' Trojan, and DNS tampering attacks. It is also designed to protect online banking sessions from zero-day attacks, spawned by the continuous introduction of new financial malware that goes undetected by up-to-date anti-virus software, browser plug-ins, firewalls and other security software used by online banking users. Instead of trying to detect every known and to-be-developed attack, Trusted Access assumes a computer is infected with crimeware and provides the user an isolated, safer, and more secure online banking experience.

In a period of 12 months, more than 70,000 ZeuS variants were detected in the wild, with many, many more going undetected. A staggering 25% of computers, according to latest reports from the Anti-Phishing Working Group (APWG), are infected with banking Trojans such as ZeuS and SpyEye, used by criminals to take over online bank accounts and steal millions from businesses and municipalities.

More information about IronKey's Trusted Access for Banking is available online.

Resources
"Protecting Online Banking Customers from Evolving Cyber Crime Threats" -- webcast explains the latest bank phishing attacks, the ZeuS Trojan and SpyEye, and why anti-virus software, firewalls and other conventional safeguards are not able to stop these attacks.

"Trusted Access Guided Demonstration" -- product demonstration and example attacks.

About IronKey
Ranked as the 14th best venture-funded company in The Wall Street Journal's "Next Big Thing 2011" survey, IronKey secures data and online access for individuals, enterprises, and governments. IronKey solutions protect remote workers from the threats of data loss, compromise of passwords, and computers infected by malicious software and crimeware. IronKey multi-function devices connect to a computer's USB port and are easy to manage with the IronKey management service. This allows users to securely carry sensitive corporate data, strongly authenticate to VPNs and corporate networks and isolate online banking customers from Advanced Persistent Threat attacks. IronKey customers include Fortune 500 companies, healthcare providers, financial institutions and government agencies around the world. Trusted Access for Banking has also won numerous awards such as 'FutureNow 2010 Top 5' from Bank Technology News. Visit www.IronKey.com for more information.