Friday, October 31, 2008

IBM Sticking it to Hackers

In a recent article on searchfinancialsecurity.com, IBM revealed that they are testing a new device that operates similarily to a USB mass storage device. After the device gets plugged in to the USB port the stick runs a windows internet window that allows the user to conduct secure banking transactions. The crux of the program is in that it completely bypasses computer completely. Therefore, in theory even if malacious spyware is used to find key strokes on the computer, it will not register because the internet window is being run completely outside of the computer's processes. The biggest question that remains assuming everything works is how will it be priced and if people will buy it?
In the past similar devices such as smart cards have provided banks and customers with a form of external validation before conducting secure transfers. These devices however are very expensive and sometimes not easy to use. IBM's device is different its easy to use, just plug and play, and a secure internet connection is set up to conduct transactions. Given the huge drop in the price of memory space over the years IBM could produce a production model for a relatively cheap price that will provide security to bankers and their customers in the future.

http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1337090,00.html
Posted by irish at 10/31/2008 02:33:00 PM

4 comments:

  1. HOBBITRDNovember 2, 2008 at 1:50 AM

    I think another interesting question arises from this post. The post, and the source article, say that the USB stick will bypass the user's computer and open a "window" that will allow the user to conduct secure bank transfers. However, I am curious what that "window" will be like. Will it have different designs for PC's and MACs? Furthermore, if it is cumbersome and complex to work in this new "window," users will lose patience very quickly. If users lose patience, then it is likely that they will simply go back to the less secure methods. So, I agree, I think that the USB stick will allow for greater banking security while making it more difficult for hackers to trick you (or your computer) into releasing sensitive financial material. However, in addition to the price, the USB stick must be very simple and easy to use. It also must be compatible with all operating systems and must not take long to use. Only then will the average users be willing to spend the extra money for the USB stick.

    ReplyDelete
  2. Megan BeckerNovember 2, 2008 at 2:24 PM

    I thought that was an interesting article and a unique idea that IBM has developed. I agree that it would need to be very inexpensive and also user friendly in order to be successful. Another risk it presents is the possibility of loss or theft of the actual USB drive. I am curious to know what kind of security measures are taken once the USB drive is plugged in. If it is as simple as just plugging it in and conducting transactions, it would be easy for a thief to use it. What kind of authentication does it use to ensure that USB drive is being used by the right person? Also, could a product like this be used by multiple people in the same household or for multiple accounts? Or would a separate USB drive be needed for each person/account?

    I think that our generation does a lot more banking (and other financial transactions) online than our parents' generation, however we also understand the security risks better. It's taken me about four years to convince my mom to stop using floppy disks (apparently they do still make them), so it would be very difficult to persuade people like her to use IBM's new product. However, a lot of these people would be the ones to benefit from it the most. You can save time (don't need to go to the post office or bank) and money (no stamps, no gas used) with these products. However, if this USB drive is not inexpensive and easy to use, it's not going to be worth purchasing. People will continue to either use insecure banking or not use online banking at all.

    ReplyDelete
  3. JonathanNovember 2, 2008 at 6:39 PM

    Megan brings up an interesting point about the generational divide and technology use. I've personally witnessed my mother octo-click something because it wasn't loading fast enough.

    Now consider the fact that usb drives take a considerable amount of time to load on the system (when compared to the speed of current banking systems). Combining general user impatience with the physical hassle of booting a usb drive (and subsequently logging in again), I don't anticipate a significant level of immediate product adoption.

    Hopefully IBM has already addressed such issues and minimized the drive's impact on system resources and user patience.

    ReplyDelete
  4. SMartinNovember 2, 2008 at 10:03 PM

    I believe that this is a good idea in theory. But inorder for people to buy this device you would have to convince the buyers that the way they currently doing online banking is not safe. This would not be hard if the person has already had a people with identity theft or something of that nature, but if they have the "it won't happen to me" attitude like many people do it will be hard to convince them. I also agree that it would have to be simple to use and would have to operate rather quickly or more and more people will be willing to risk not using the device if it is faster to just do it online through the banks website.

    ReplyDelete

Subscribe to: Post Comments (Atom)