The multiple award-winning Secure Pocket Drive from SPYRUS has emerged as the "gold standard" of pocket-size security devices to help financial institutions meet the new online banking security guidelines from the Federal Financial Institutions Examination Council (FFIEC). Secure Pocket Drive also meets NACHA and FBI recommendations for safe online banking by providing a dedicated, isolated, and secure computing environment.
Banks must adopt a layered approach to security in order to combat highly sophisticated cyber-attacks, the FFIEC said in a supplement released June 28. The new rules update the 2005 "Authentication in an Internet Banking Environment" guidance to reflect new security measures banks need to fend off increasingly sophisticated attacks.
One of the layered security controls recognized by the guidance to help prevent fraud is the use of USB devices "that increase session security when plugged into the customer's PC." Unlike competing solutions that increase the attack surface by adding virtualization and sandboxing software, Secure Pocket Drive boots the PC directly into a fast, native, Microsoft Windows Embedded Standard 7 operating system contained within the drive itself. Since the Microsoft Windows operating system running from Secure Pocket Drive doesn’t access the host PC’s hard drive, there is no chance of cross-contamination with the environment that is used every day. Thus, Secure Pocket Drive "enables a secure link between the customer's PC and the financial institution independent of the PC's operating system and application software," as recommended by the FFIEC.
Because Secure Pocket Drive boots a native Microsoft Windows operating system, it delivers the capabilities that bank examiners will now look for without the use of proprietary vendor back-end services that require changes to existing bank infrastructure systems.
Secure Pocket Drive stops hackers where they are attacking--- at the customer's PC, by presenting a secure, read-only, and easy-to-use thin client environment to banking customers while allowing security administrators to ensure that the device is always patched, up-to-date, and is enforcing the institution’s latest security policies. If lost or stolen, the device can be deactivated remotely.
Even if a computer is infected with malware, browser sessions initiated using Secure Pocket Drive remain safe, secure, and private, as highlighted in the FFIEC's review of today's threatscape.