Jens Hinrichsen made quite a scene at Finovate Fall 2013 when, during his morning demo, he announced to the room that everyone was infected after visiting the Finovate homepage.
VerSafe demo #finovate "we are all infected..."— elizabethsafran (@elizabethsafran) September 10, 2013
He was kidding, but he made his point: A lot of sites have malware that infect your computer or mobile device simply by visiting them. Without clicking on a thing, you are an easy victim of “drive-by malware” that can follow you as you continue your internet browsing and open applications.
His firm, Versafe, supplies hidden codes to companies so they can protect users from malware on their site, apps on mobile device, even the mobile browser. As Hinrichsen explains it, we’re all infected, badly, but there’s not much your bank can do about it. What they can do is protect their own site and applications, challenging the malware onto their own turf.
“It’s a solution that doesn’t involve an end user,” he said in an interview. “In order to protect us the solution has been for the end-users to download software, but that comes with whole host of issues. Maybe 1, 5, or 15% of the user base will download the security, but even so attackers are already trained to undo it. The only way to protect the user base is to take an approach where we’re bringing that external fight to the application, on mobile and web.”
Most importantly, and it bears emphasis, Versafe is not a downloaded solution. It exists as pieces of code on the website (even if opened in a mobile browser) and included in mobile updates.
Direct fraud losses have been creeping downward – as a result of a lot of investments; however, Hinrichsen says companies come to them because they make systems more efficient. “We’re taking all that crud infecting end users to ultimately cash out, there’s a big spike in cross-device attacks (mostly in EU) that will typically migrate in US. So they’re coming to us because they are spending a lot of money to protect end users.”
The prevalence of mobile malware is absolutely skyrocketing in the past 4-5 months. Don’t think you’re safe — you’re not. The extraordinary spike of mobile malware infections is certainly grabbing the attention of financial institutions that are often the target of fraudulent apps and hidden malware on their trusted websites.
[Hackers to Exchanges: You’re Next]
“Within a mater of days we can protect a financial organization’s entire user base,” says Hinrichsen. “We can protect against all malware and threat types. And we do it across all devices, web and mobile channels, and we do it all in a transparent way … The fundamental key is we can detect any type of malicious data stream or scripts being injected into application from market … The fundamental piece we’re bringing to market is the protection piece code, encrypting all key data in real time in a way that even if attackers are able to get credentials (password, challenge questions, etc), they are able to take data and send it off, but it’s encrypted and the decrypt it, it needs to be done by the private key that’s on our customers' systems.”
Versafe boasts over 50 million secured customers, which includes the clients of over 30 European financial service firms, all the major banks of Israel, in addition to others in payment and money transfer services.
[Check out the Advanced Threat Confidential: 14 Lessons Learned from Real Cyber Attacks session at Interop on October 4.]