Comarch Cyber Security solutions in Finance

Secure your sensitive data and resources

The financial industry has been a leader in data security for years. It is banks, brokerage companies, insurers, leasing companies and other financial market entities that are particularly motivated to incur data security expenses, for the sake of both employees and customers. This is because financial services are one of the areas most vulnerable to cyber attacks of any kind.

While it’s often shrouded in secrecy, many cybersecurity innovations originated in the financial sector. And because "money likes silence", the financial sector is trying to stay ahead of hackers' ingenuity.

There are many ways to gain unauthorized access to services and each day brings new vulnerabilities. Classification of those starts with account breach attempts or data theft (either as a result of an attack or leakage of access data from other services). More sophisticated methods include attempts to interfere with order details, or attacks using 2SV (two-step verification).

Recent years have shown that the most effective method of securing the access to payment instruments are 2FA tools in the form of hardware tokens or advanced mobile solutions. Especially those that guarantee the undeniability of the presented data and take proper care of the security of user cryptographic material.

tPro ECC

The tPro ECC solution is a proprietary hardware token based on the strength of elliptical curves cryptography, which are currently the most efficient cryptosystem on the market, providing a higher level of security than RSA keys of the same length. Additionally, the token is equipped with an HPD (Human Presence Detection) mechanism, which makes it resistant to all kinds of remote attacks. Each authorization requires the user to press a button located on the housing of the device. The device communicates with the browser using its own protocol, and the communication itself does not require any browser extensions to be installed. Local service on the workstation ensures security and integrity of content being presented.

tPro Mobile

The tPro Mobile token is an example of an advanced mobile tool for transaction authorization and strong user authentication. The solution has been designed to meet the rigorous requirements of the PSD-2 directive. The tPro Mobile solution ensures security, uniqueness and integrity of the authorization code at every stage of its generation, as well as the integrity of the presented transfer data. Compatibility with the solution can can work on three layers:

Business layer
Network layer
Application layer

Such division allows for quick and convenient integration even in case of already existing mobile applications, where tPro Mobile is offered as a collection of tPro MobileSDK programming libraries. This makes it possible to add a security layer to the existing applications, while maintaining all the token’s advantages.

Token's advantages

What You See Is What You Sign

Asymmetric ECC cryptography for server connection

Use of TPM (Trusted Platform Module) at the cryptographic material security stage

Compatibility with RTS (PSD-2)

Anti-tampering mechanism (detection of threats in the runtime environment)

tPro Mobile Overview

Comarch Cyber Threat Protection

Comarch Cyber Threat Protection is an online threat prevention and anti-identity theft platform for workstations and mobile devices.
The platform tracks both end-user activity and their devices to calculate partial and general scoring for authentication, authorization, or any other operations. The scoring is reflective of device recognition and cyber threat-repository data. For this purpose, a lot of different artifacts are collected, based on tamper detection, or browser and device fingerprints.
The CTP platform is a rule-based system that collects and utilizes indicators to evaluate the risks related to the end-user activity. The solution has a modular structure and can be delivered as-is or as an SDK library.

Comarch IAM solution

Comarch Identity & Access Management (IAM) is a solution that provides comprehensive user identity management and the control of access to enterprise resources such as web applications, VPN services, and workstations. The modular design of the solution facilitates its adaptation to specific types of organizations, regardless of their size, structure, or geographical dispersion.

Working in conjunction with Comarch IAM Authentication Server (CIAM AS), the tPro family provides a ready-to-use solution to secure authentication and authentication operations, providing effective protection against the following attacks:

Phishing,
Man In The Middle
Man In The Browser,
Compromised credentials
Remote attacks

The CIAM AS solution itself, which is the basic module of the Comarch IAM platform, provides:

support for a variety of authentication methods, such as:
- Static passwords,
- X.509 certificates,
- software and hardware cryptographic tokens (incl. tPro family),
- OTP tokens,
token life cycle management,
support for biometric validation methods
integration with RADIUS interfaces and LDAP protocols
integration with SIEM tools
file signing
strong client authentication compatible with PSD-2
anti-tamperig mechanism (running-environment analysis)

Security can be further enhanced by using the Comarch IAM Enterprise solution

Thanks to that, apart from the value of CIAM AS, we will offer:

identity management of users and systems
managing access to domain resources in the company
full accountability
Single Sign-On for Comarch IAM applications
single logout (single logout)
reflection of the organization's structure
support for different operating contexts (a user in different organizations of the same installation may have different set of rights)
support for delegation of rights (rights of one person may be transferred to another)
multi-level administration
workflow

Such comprehensive protection of your financial system may significantly improve the image of the organization and, above all, effectively protect it against numerous cyber threats.