In the vault: The Coastal Bank and IronKey
In the vault: The Coastal Bank and IronKey

A continuous process

But, the sanctity of protecting financial assets is a continuous process. The bank has introduced many new multifactor authentication systems along with significant detection capabilities to ensure its customers' transactions are safe, secure, authentic and verifiable, Montgomery says.

"The greatest risk facing The Coastal Bank and our online banking customers today is the security of their own PCs and networks," he says. "Criminals are using the path of least resistance and using client information to take over their computers to cause financial harm to the customer and the bank. With IronKey Trusted Access we offer our customers a way to conduct online banking on a dedicated, secure and isolated platform that's simple and convenient for them to use."

The Coastal Bank is further differentiating its client-focused services with Trusted Access, because it isolates clients' online access in a safe, bank-managed environment that is independent of the PC, Montgomery says. IronKey protects online banking customers even if their PC has been compromised with financial malware, including keyboard loggers, man-in-the-browser or ‘backconnect' trojans.

"Our customers want to know that they are protected from these threats," says Montgomery. "It is equally important to them and The Coastal Bank to know that all activity through IronKey is safe and secure, eliminating the extra risks and security concerns present in today's online banking environment.

The Secure Browser is just one layer of security provided by the Trusted Access Platform, says IronKey's Bocek. Support for smartphone-based authentication has already been announced and additional analytics to detect and prevent fraudulent transactions is planned. The platform allows banks to start with secure browsing and add additional layers of security later.

Policy and setting updates are pushed automatically to end-users after administrators change settings, Bocek says. All policy changes are digitally signed. Software updates are made available to bank administrators first. Administrators can test software updates in a controlled environment. Once accepted, administrators can push software updates to end-users automatically. All software updates are digitally signed and only updated files are downloaded.