Protect your customers with smart server choices today.
Advice for web sites that want a secure connection to online financial customers today. Note that retail customers will be less likely to tolerate restrictions unless some added value is provided, for example additional high-value services. Commercial users already have the incentive of unlimited liability. It is assumed that typical fraud-detection software and an Extended Validation (aka green bar) certificate are already running on the server before any of the following ideas are tried.
1. Only allow transactions from current browsers, such as IE8 and later.
2. Add the bank site to the user's "internet zone" to make sure that it runs with medium integrity.
3. Ask the user to create a separate user account that is limited to financial transactions.
4. Ask the user to run on a separate computer or VM with no ability to install programs in that space.
5. Provide the user with a smart card and reader, or another private-key holder, for mutual authentication over SSL.
6. Provide the user with a USB or other hardware token that is used on every single high-value transaction.
7. Use SMS or another out-of-band source of verification codes that users must key into the web site for every high-value transaction.
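An added example (not code from the original page) of the server side of item 7, in Python: the verification code is bound to one transaction, expires, allows only a few entries, and the out-of-band message tells the user exactly what they are approving so a tampered payee or amount is refused. The 3-minute lifetime, 3-attempt limit and message wording are assumed policy choices.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

CODE_TTL_SECONDS = 180   # assumed policy: a code expires after 3 minutes
MAX_ATTEMPTS = 3         # assumed policy: three wrong entries void the code


@dataclass
class PendingTransaction:
    txn_id: str
    payee: str
    amount_cents: int
    code_hash: bytes      # only a hash of the code is kept server side
    issued_at: float
    attempts: int = 0
    approved: bool = False


def _hash_code(txn_id: str, code: str) -> bytes:
    # Tie the hash to the transaction id so a code is useless for any other payment
    return hashlib.sha256(f"{txn_id}:{code}".encode()).digest()


def issue_code(txn_id: str, payee: str, amount_cents: int, now: float):
    """Create the pending record and the message to send out of band (e.g. SMS).
    The clear-text code leaves the server only inside that message."""
    code = f"{secrets.randbelow(10**6):06d}"
    pending = PendingTransaction(txn_id, payee, amount_cents,
                                 _hash_code(txn_id, code), now)
    message = (f"Code {code} approves payment of {amount_cents / 100:.2f} "
               f"to {payee}, ref {txn_id}. It is valid for no other payment.")
    return pending, message


def verify_code(pending: PendingTransaction, payee: str, amount_cents: int,
                entered: str, now: float) -> bool:
    """Approve only if the code is unexpired and correct, and the details the
    browser submits now match the ones the user was told about."""
    if pending.approved or pending.attempts >= MAX_ATTEMPTS:
        return False                       # already used, or locked out
    if now - pending.issued_at > CODE_TTL_SECONDS:
        return False                       # expired
    pending.attempts += 1
    if (payee, amount_cents) != (pending.payee, pending.amount_cents):
        return False                       # details changed after the code went out
    if not hmac.compare_digest(_hash_code(pending.txn_id, entered), pending.code_hash):
        return False                       # wrong code (constant-time compare)
    pending.approved = True
    return True
```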
Top Cat Networks
ca0_net@live.com