Authenticate. Encrypt. Sign. In any form factors. Thales Gemalto PKI solutions keep your corporate assets safe.
These solutions address corporate banking and complement the digital banking security solutions developed for retail bank customers.
Recent social engineering attacks
Social engineering fraud in corporate banking is the term used for a broad range of malicious manipulations designed to perform fraudulent digital operations and transactions in domains such as cash and credit management, asset management and underwriting to small and medium-sized enterprises and large corporations.
What makes social engineering (computer-based) attacks especially pernicious is that it exploits the human element prone to errors such as misinterpretation, routine…and too much trust instead of system vulnerabilities.
Recent social engineering attacks on financial institutions in the digital world include trying to:
- Impersonate mandated account holders and signatories to perform fraudulent operations on their behalf,
- Modify the content or the purpose of operations when they get signed by these mandated users.
The problem? Think about it.
In a public key infrastructure (PKI), a qualified signature is legally binding.
The question is:
Can we mitigate this kind of threat?
The Gemalto PKI Software Suite includes complementary solutions to develop more defensive capabilities for legacy PKI infrastructures.
Understand What You Sign (UWYS) – Gemalto Swat Reader
Gemalto Swat is our high-end solution for corporate banks that wish to provide best-in-class security to their customers and subsidiaries for their electronic Bank Account Management (eBAM), their Automated Clearing House (ACH) activities, their wire transfers, and interbank payments.
Gemalto Swat reader is a signature device that can fit into existing PKI systems to provide contextual control and device authentication during all the PKI signature operations.
The solution allows financial institutions to bind any sensitive operation with a context description warranting the integrity of both the content (see: WYSIWYS) and the purpose of an operation (understand: UWYS).
In the case below: "You are signing a batch of 52 transactions amounting to 350 USD".
It provides a UWYS (Understand-What-You-Sign) experience to the signer, mitigating state-of-the-art MitB (Man in the Browser) and social engineering attacks while privileging ease-of-use and mobility.
Gemalto Swat Reader
This signature device can fit into existing PKI systems to provide contextual control and device authentication during all the PKI signature operations.
- Embedded secure element processing device authentication and displayed text signature
- Secure PIN entry
- Large display providing signature purpose description
- USB or BLE connexion
- PC, Mobile, and Tablet support
Gemalto eToken 5300
An ideal solution for an enterprise looking to deploy high security of PKI while maintaining a convenient solution for employees.
- Compact, tamper-evident USB with presence detection, which creates a third-factor authentication (3FA)
- Advanced certificate-based applications such as digital signature, email encryption, and pre-boot authentication
- Secure remote access to VPNs, web portals and secure network logon
- Two possible sizes: Mini or Micro
Gemalto eToken 5300 is a 3-factor authentication smart token to enhance legacy PKI systems.
What You See Is What You Sign (WYSIWYS) – with Gemalto Websigner
WYSIWYS refers to a functional method that visibly ensures the integrity of electronic documents and their digital signatures.
The truth is that a signer never really sees what he/she digitally signs.
He/she sees only a representation of the electronic document and the e-signature. This process is due to the technology underlying the implementations of the digital signatures. A document and its signature are just a set of bits.
So how can a signer be sure that the message read on a browser is genuine, from the right source, and agree on the content it displays?
Full "see and understand" signature experience.
With Gemalto Websigner, the new web extension technology promoted by the leading browser suppliers, the Swat solution can provide a full web-based WYSWYS and UWYS signature experience on recent Chrome, Firefox, and Edge browsers.
The Swat device features a standard PIN pad enabling Secure PIN Entry (SPE) and allowing to perform usual cryptographic operations using a PKI smart card.
But besides, the Swat device allows the signer to understand precisely what he is requested to sign to mitigate specific social engineering attacks.
This feature is the UWYS concept that relies on three features:
- Secure PIN code (against PIN login malware and replay)
- WYSWYS control of the operation details by the signer in sync with the Bank PKI signature control (against MitB and MitM)
- UWYS control of the context by the signer (against social engineering and HTML injection to fool the user).
Compliance with corporate banking standards
The presented solutions are also fully compatible with the main standards requested by financial institutions such as:
- ISO 20022 for electronic data exchanges much used by eBAM and ACH,
- XMLDsig and PKCS#7 for digital signatures,
- or PSD2 compliance for strong authentication and dynamic linking of transactions.
Corporate banking and Thales
Based on over 15 years of experience in corporate banking, Thales has gained the trust of millions of users in corporate banking that daily use Thales authentication solutions, especially PKI’s ones.
Now you can mobilize Thales security solutions and experienced banking service teams to support your project.
Our customers trust us to deliver. So you can.
Gemalto PKI Software Suite
Gemalto Websigner is a PKI software that enables your web applications with Sign-What-You-See (SWYS) capabilities in compliance with the most current browser security standards.
Gemalto Web Connector
The Gemalto solution that directly links your web application to your connected OTP tokens or PKI devices without requiring any middleware installation or administrator rights on your PC.