Internet Banking Services Get Stronger Protection from Phishing - EV SSL Certificates and Phishing Site Shutdown Service Introduced -

NTT DATA Corporation this month has begun introducing two services that will enhance protection against phishing attacks ^{(Note 1)} for financial institutions using the company's Internet banking services, ANSER-WEB (Account Access)^® for individual customers and ANSER-WEB (Account Access) Corporate Edition^® for enterprise customers ^{(Note 2)}. One is the use of VeriSign Global Server ID EV, Extended Validation SSL Certificates from VeriSign Japan K.K. The other is introduction of RSA FraudAction^®, a service provided by RSA Security Japan Ltd., for shutting down phishing sites.

These services will enable more rigorous verification of the existence and legitimacy of Web sites, as well as making it possible to shut down phishing sites quickly when they appear.

As phishing crimes continue to grow unabated in Japan in recent years, people are being victimized by sites that pretend to be actual Web sites of banks or other service providers (phishing sites). Japan's Financial Services Agency, moreover, in its Guidelines for Supervision revised last year regarding security measures, strongly urges that steps be taken to bolster defenses against phishing attacks targeting users of Internet banking.

In response to this need, NTT DATA is enhancing its anti-phishing measures by introducing EV SSL Certificates to verify the authenticity of Web sites, and the Phishing Site Shutdown Service in its ANSER-WEB (Account Access) and ANSER-WEB (Account Access) Corporate Edition, used by approximately 80 financial institutions to provide Internet banking services.

1. Background

   For boosting security, NTT DATA up to now has relied on two-factor authentication, that is, the use of an additional authentication means along with the usual ID and password. In the case of Internet banking for individual customers, this additional means is the use of a one-time password; whereas for enterprise Internet banking, digital certificates were introduced and are now in use. Given the continued increase in victims of phishing attacks, it has become clear that further measures are demanded, including provision of a means for users to verify for themselves the trustworthiness of sites, and the ability to shut down phishing sites when they are created.

   With VeriSign Global Server ID EV by VeriSign Japan K.K., users of Internet Explorer 7, without needing to download any software, are assured of a site's trustworthiness by looking at the address bar, which is turned green when a site is legitimate. Since the identity of the site operator is also shown, users can confirm the legitimacy of a site visually. These advantages were behind the decision to adopt this solution.

   For shutting down phishing sites, RSA Security's RSA FraudAction was chosen and will be made available to financial institutions. This solution was selected because most phishing sites originate outside of Japan, where RSA Security has already shut down a large number of these sites; sites can be shut down any time, 24 hours a day year round; and the solution has been adopted by financial institutions in Japan, including city banks.

2. Service Overview

   1. VeriSign Global Server ID EV (EV SSL Certificate)
      1. More rigorous standards for validating site operator's existence
         The existence of site operators is verified based on more stringent world-standard authentication guidelines, assuring users that an accessed site is legitimate.
      2. Visual assurance of site legitimacy
         When Internet Explorer 7 is used as browser, the address bar is turned green to indicate that a site is using an EV SSL certificate, providing visitors easily recognizable assurance that the site can be viewed safely.
   2. RSA FraudAction (Phishing Site Shutdown Service)
      
      1. Swiftly shut down phishing sites
         Phishing sites can be shut down as soon as notice is received from a financial institution.
      2. A global 24-hour 365-day service
         Site shutdown service is available on a 24/7/365 basis, for phishing sites anywhere in the world.
      3. Acquire stolen information
         Besides the service for shutting down phishing sites, in cases where clues can be obtained about personal or other information that has already been stolen by false pretenses, service is available for extracting and restoring such information.

3. Benefits from Introduction of the Services

   Users and financial institutions gain the following benefits from these services

   1. VeriSign Global Server ID EV (EV SSL Certificate)
      1. Benefits for users
         • Users can enjoy the advantages of Internet banking services in peace of mind, since they are able to verify the legitimacy of accessed sites easily, without needing to download tools to their personal computer ^{(Note 3)}.
      2. Benefits for financial institutions
         • Financial institutions can provide users with safe and secure Internet banking services.
         • Those making use of NTT DATA Internet banking service are able to enjoy significant savings in cost and effort needed for the introduction, since NTT DATA handles each of the procedures with VeriSign Japan.
   2. RSA FraudAction (Phishing Site Shutdown Service)
      1. Benefits for users
         • The service is available without the need for setup of any kind.
      2. Benefits for financial institutions
         • Phishing sites can be shut down immediately, limiting damage to users.
         • The service for shutting down phishing sites is available 24 hours a day year round, anywhere in the world.
         • Since NTT DATA provides operation of the contact mechanism involved in shutting down phishing sites, financial institutions enjoy significant savings in operations costs.

Future Plans

NTT DATA will be making active efforts to encourage adoption of both solutions by financial institutions that make use of the company's Internet banking service.

Notes
1 Phishing refers to fraudulent activities for getting users to reveal ID and password information used to access services, by sending email that pretends to be from a financial institution, etc., or by setting up Web sites that masquerade as the official sites of financial institutions, and prompting the user to enter authentication information on the false Web sites.

2 ANSER-WEB Internet banking services are offered for both corporate and individual users. Companies using corporate Internet banking service can check their account balance, see an itemized list of transactions, transfer funds in bulk, make payroll disbursements and use other banking services, simply by using an Internet-connected Web browser and email software. NTT DATA provides ANSER-WEB (AAC) to financial institutions as a joint-use service enabling them to offer Internet banking to corporate customers. The service is already being used by approximately 80 financial institutions of all kinds, including city banks, regional banks, credit associations, and credit cooperatives.
Internet banking for individual customers offers access to such banking services as account balance checking, itemized transaction checking, and funds transfer, from an Internet-connected Web browser and email software as well as from a mobile phone equipped with a Web browser. NTT DATA provides ANSER-WEB (Account Access) to financial institutions as a joint-use service enabling them to offer Internet banking to individual customers. The service is already in use by approximately 80 financial institutions of all kinds, including regional banks, credit associations, and credit cooperatives.

3 Users of Internet Explorer 7 in Windows Vista™ do not need to install any additional software.

* ANSER and ANSER-WEB are registered trademarks of NTT DATA Corporation.
* Other names of products, companies and organizations herein are the trademarks or registered trademarks of their respective owners.