June 29, 2011 14:34 ET

IronKey Trusted Access for Banking Meets New FFIEC Guidelines

Banks Can Prevent Online Banking Fraud and Meet Compliance Obligations Today

SUNNYVALE, CA--(Marketwire - Jun 29, 2011) - IronKey's Trusted Access for Banking secure browsing solution meets the new online banking security guidelines from the Federal Financial Institutions Examination Council (FFIEC), the company announced today. The FFIEC member agencies have directed examiners to formally assess financial institutions under the authentication supplement beginning in January 2012.

"The FFIEC Internet banking guidance calls for multiple layers of security controls to prevent fraud and importantly, the guidance identifies the IronKey Trusted Access design as one of the five relevant and effective controls cited for preventing fraud," said David Jevans, chairman of IronKey and the Anti-Phishing Working Group (APWG).

One of the layered security controls recognized by the guidance to help prevent fraud is the use of USB devices "that increase session security when plugged into the customer's PC." They are effective because they "enable a secure link between the customer's PC and the financial institution independent of the PC's operating system and application software." The only commercially available product that fits this description completely is IronKey Trusted Access for Banking.

The IronKey Trusted Access for Banking approach delivers the capabilities bank examiners will now look for, requires no changes to bank systems, and stops hackers where they are attacking--- at the online banking customer's PC -- even if it is infected with the worst possible crimeware such as ZeuS, SpyEye, Sunspot, and OddJob.

IronKey Trusted Access also meets NACHA and FBI recommendations for safe online banking by providing a dedicated, isolated, and secure browser environment. The secure browser approach is also recognized by Gartner as one of the five critical security controls for preventing online banking fraud.1

IronKey Trusted Access for Banking is an intelligent security software and Internet security service that is also easy to use. Trusted Access provides a secure Web browser protected in a fully virtualized, read-only environment tailored to protect online banking sessions from known and unknown crimeware. Even if a computer is infected with malware, the online banking session remains safe, secure, and private. Unlike other approaches, Trusted Access protects an online banking client even if his or her computer is infected with the latest zero-day attack that would go undetected by antivirus or other signature-based software countermeasures, as highlighted in the FFIEC's review of today's threatscape.

The FFIEC has six voting members: the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the National Credit Union Administration, the Office of Thrift Supervision, and the State Liaison Committee.

More information about IronKey's Trusted Access for Banking is available online.

About IronKey
Ranked as the 14th best venture-funded company in The Wall Street Journal's "Next Big Thing 2011" survey, IronKey secures data and online access for individuals, enterprises, and governments. IronKey solutions protect remote workers from the threats of data loss, compromise of passwords, and computers infected by malicious software and crimeware. IronKey multi-function devices connect to a computer's USB port and are easy to manage with the IronKey management service. This allows users to securely carry sensitive corporate data, strongly authenticate to VPNs and corporate networks and isolate online banking customers from Advanced Persistent Threat attacks. IronKey customers include Fortune 500 companies, healthcare providers, financial institutions and government agencies around the world. Trusted Access for Banking has also won numerous awards such as 'FutureNow 2010 Top 5' from Bank Technology News. Visit for more information.

Notes for Editors

  • According to research firm Gartner Inc., crimeware designed to takeover online banking accounts and steal money is now the most significant threat concerning U.S. banks2

  • A staggering 25% of computers, according to latest reports from the Anti-Phishing Working Group (APWG), are infected with banking Trojans or downloaders such as ZeuS and SpyEye, used by criminals to take over online bank accounts and steal millions from businesses and municipalities

  • In just one recent crime, the FBI is searching for suspects based in China near the Chinese-Russian border believed to have stolen over $20 million from U.S.-based online business bank accounts during March and April 20113

  • In a period of 12 months, over 70,000 ZeuS variants were detected in the wild, with many, many more going undetected

"Protecting Online Banking Customers from Evolving Cyber Crime Threats" -- webcast explains the latest bank phishing attacks, the ZeuS Trojan and SpyEye, and why anti-virus software, firewalls and other conventional safeguards are not able to stop these attacks.

"Trusted Access Guided Demonstration" -- product demonstration and example attacks.

About IronKey Trusted Access for Banking
IronKey's Trusted Access solves a problem that until now has been out of the bank's control -- the vulnerability of the client's PC to financial malware attacks such as ZeuS and SpyEye. These crimeware toolkits combine keyboard loggers, man-in-the-browser, 'backconnect' Trojans, and DNS tampering attacks that go undetected by up-to-date anti-virus software, firewalls and other software-based security. Using these tools, criminals defeat sophisticated bank security controls including one-time passcode token authentication and dual user payment authorization. Trusted Access enables banks to protect their business clients, even if the client's own computer is infested with the worst possible malware, by isolating their online access in a safe, bank-managed environment that is independent of the PC. The solution includes the Trusted Access USB security device, which launches a protected, virtualized operating system and Web browser that only works with the IronKey Trusted Network and limits the user's online access to bank-approved sites.

1 "The Five Layers of Fraud Prevention and Using Them to Beat Malware," Gartner, April 2011

2 Ibid.

3 FBI, April 2011 -

Contact Information