CIT Global has created a powerful security solution framework, developed to support various ePayment, mPayment, eCommerce and mCommerce initiatives and implementations.
This architecture enhances the current security to higher levels, by introducing audited authentication of customers and institutions, providing signing and guaranteed non-repudiation for each transaction and interaction.
This architecture is flexible, modular and application-independent, and as a result can be easily integrated with single or multiple application components and environments, including public or private certification and registration authorities, directory services, clients and secure back-end applications servers. The same solution components can also be implemented on customer devices, such as PDAs , mobile phones and many others.
Internet merchants act as the gateway for processing all payment transactions initiated by end users shopping on the internet. To increase market share, internet merchants need to enhance and expand their services and provide unparalleled security to their clients.
CIT Global also provides a strong suite of security consultation services. Our certified security experts provide guidance in the development of security strategies, methods and practices. This is complemented by a team of qualified professionals allowing us to provide you with a complete end-to-end secure solution.
eSecurity Consultancy
CIT Global consulting covers the whole spectrum of the PKI infrastructure; including authentication, privacy, integrity, and non-repudiation. This includes all levels of security requirements according to the organization needs.
CIT Global offers a three tiered set of consulting services, where CIT Global eSecurity practice conducts a gap analysis assignment, provides accordingly a comprehensive recommendation report of the impacted areas, and finally develops a high level implementation plan for the organization to ensure full security compliance.
Gap Analysis
In order to provide adequate security for each client business needs, detailed gap analysis of the whole environment should be conducted, taking the following into consideration:
- Current and future infrastructure
- Business needs; current and future requirements
- Technology needs; current and future requirements
- Business process impact
- Legal requirements and standards
- Synergy and consistency in overall recommendations
- Threats in relation to allocated project budget
A deliverable of such phase is to produce a document describing the security framework adapted, with the exact areas that need to be changed, along with the security recommendations and justifications for each given recommendation.
One of the main gap analysis objectives is to also provide the bank with a strong feel for the required work amount that will be needed. Therefore, budget can be allocated upfront in addition to avoiding any unexpected surprises.
Specifications Development
Following the gap analysis, CIT will conduct a detailed analysis in order to produce the needed business and technical specifications.
Implementation Plan Development
A high-level implementation plan will be developed to effectively comply with the developed security specifications. CIT can help in managing the implementation on behalf of the client. It is expected that CIT will work in conjunction with multiple vendors of the client in some project phases, depending on the agreed upon scope and project phasing.
ADVANCED TOKEN AUTHENTICATION (ATA)
ATA represents a revolutionary "Patent Pending" security technology used for authentication and fraud prevention through the seamless integration with the user’s device in a non intrusive manner providing the advanced security features while leaving the user experience intact
ATA is based upon the concept of device identification features where the device footprint is captured and added to a central database for future authentication and fraud control. Through the usage of shared secrets in the shape of cryptographic keys (PKI), ATA is capable of generating One Time Secrets providing a transaction certificate aiding the non-repudiation concept.
ATA provides portability through the registration and activation of both new (including temporary devices) and existing devices according to predefined business rules for device sharing between users allowing users to share device and register multiple devices when needed with no implication on the provided security control.
One of the unique features for ATA is related to the mechanism of exchanging data between the device component and the backend system via the automated integration with the device’s browser bypassing firewalls without affecting the user experience or network requirements.
ATA provide 3 factors related to authentication:
- Authenticating the user
- Authenticating the device
- Protecting the whole system from hackers using cryptography.
Technology Features:
- Smooth user experience
- Portable system
- Extensive security capabilities
- Fraud protection
- No extra hardware required
|
