Stopping Fraud Where it Begins
The SiteTrust Client Protection module is a revolutionary solution to protecting credentials and transactions by creating a secure channel between the customer’s keyboard and the business website. SiteTrust evades malware, leaving it blind to the online transactions occurring on the infected customer computer that a company is conducting business with. Through a combination of validating or bypassing operating system processes and encrypting the information as it passes through necessary but insufficiently protected parts of the OS, SiteTrust bypasses known attack vectors and uses self-diagnostics as well as active defense to secure your customer credentials and transactions. It is simple to deploy to customer computers and maintains the familiar web browsing experience they expect.
Securing the Communications Channel
To mitigate the transmission attack vector including session hijacking, The SiteTrust Client Module also includes mutual authentication and encryption capabilities protecting the transaction as it moves the customer or partner machine and the SiteTrust server components. SiteTrust has the unique ability to ensure that:
- The consumer is authenticated to their computer
- The consumer’s computer is authenticated to the company server and website
- The company’s website is authenticated to the consumer’s computer
- The multi-step authentication hand-shake is reconfirmed with each transaction
- All transaction traffic between the two is both encrypted and tunneled
This automated strong authentication capability combined with fully integrated encryption and tunneling that goes beyond SSL enables SiteTrust to effectively prevent Man in the Middle, Phishing and Session hijacking attacks. Most importantly, SiteTrust does not require costly and time consuming modifications to existing web applications. SiteTrust is available for Apache and other Java application server environments with Microsoft IIS available in the second half of this year.
The SiteTrust Client Module includes a tamper resistant Agent that protects itself from unauthorized removal but also allows the owner and administrator of the computer to retain control over the agent and uninstall though a controlled process if they so choose.
