New EFT Verifier Thwarts ZeuS

Authentify app protects accounts and alerts users of accounts compromised by ZeuS malware and other keystroke loggers

April 15, 2010

3 Min Read

PRESS RELEASE

CHICAGO, April 7, 2010 -- Authentify, the leader in phone based out-of-band authentication today announced the release of its ETF Verifier application. ETF Verifier enables financial applications and payment platforms to alert legitimate account owners via phone whenever a new payee or funds transfer destination account is added to the user's financial account. This verification process permits the account owners to authorize a transaction or, more importantly, cancel a transaction if they are not behind the activity themselves. Adding new destination accounts has been the point of attack for the organized criminals behind ZeuS and its variants for getting cash from compromised accounts.

Keystroke loggers like ZeuS and Zbot capture everything a user may type on his or her keyboard including bank account numbers, passwords and other logon information. Even when an account is compromised, however, the trick is still getting funds out of the account. Electronic funds transfer via wire transfer or e-payment applications have become the vehicles of choice for criminals moving money out of a compromised account. The final step is the addition of a new destination account number or new payee for an account controlled by the fraudsters.

"Turning what you've stolen into cash is the critical point in most thefts," according to Peter Tapling, President and CEO of Authentify. "If I break into your home and steal jewelry, I still have to "fence" the items to get cash. The fraudsters must move money to an account they control to turn those logged keystrokes into cash. Stop them from adding a new payee or transfer account number and you stop the theft."

Authentify's ETF Verifier process can be invoked whenever a new payee is added to an online payment or wire enabled account. The totally out-of-band authentication process sends an XML message to Authentify's telephony service center. The message triggers a phone call to a telephone number on file for the account owner. A portion of the transaction details including payee identification is repeated audibly to the legitimate account owner over the phone. The account owner can then allow or cancel the transaction using their telephone keypad.

"Clearly if you're not involved in a financial transaction and you get a phone call to validate a wire transfer from your online account, you know something is wrong", according to Tapling. "The call provides both the chance to stop the transaction and delivers a red alert that your account has been compromised."

ETF Verifier is available now and a demonstration is hosted on the Authentify Web site at www.authentify.com.

About Authentify, Inc.

Authentify, Inc. is the leading provider of telephone-based, out-of-band authentication services. These services enable organizations that need strong security to quickly and cost-effectively add 2-factor or 3-factor authentication layers to user logon, transaction verifications or critical changes such as adding a payee to an e-pay or wire account. The company's patented technology employs a service oriented message architecture and XML API to seamlessly integrate into existing security processes. Authentify markets primarily to financial services firms that need to protect their clients' online accounts, corporate security professionals managing corporate access control, and e-merchants who want to limit fraud on their sites.

Read more about:

2010
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights