Linux touted as the solution to online-banking problems

Banks could soon be making their customers boot Linux from customised CDs to ensure the security of online transactions, if one Australian firm's idea takes off
Written by Renai LeMay, Contributor

Australian company Cybersource says it's currently talking to two banks in Australia about providing Linux-based bootable CDs to consumers to ensure Internet banking security.

The company yesterday released information about its Online Banking Coastguard solution. Coastguard is based upon Knoppix, a Linux distribution which boots entirely from CD and is known for its automatic hardware detection features. Cybersource has included Mozilla Firefox as the sole browser for Internet banking.

"We've brought it to the attention of several banks, and are in reasonably serious discussions with two of them," said Rohan Tronson, Cybersource's Coastguard product manager. Although he wouldn't say which companies were involved, Tronson acknowledged his company was talking to both national and regional players.

"One of them has considered the technology, but has already made a commitment to another technology, which is tokens. While it's [Coastguard] not incompatible with tokens, they've already made certain agreements with a certain company involved with those tokens. They've chosen at this stage not to make it something that they'll carry as a major product," Tronson said.

"However we are still in discussions with a section of that bank, to use the technology in a slightly different area, within the bank and within a project that the bank supports — we're likely to use something similar to this," he continued. He said that Cybersource would be shortly demonstrating its software to the second bank that it was in discussions with.

"We don't expect too much action at this point from the major banks," said Tronson, although his company has approached them with the Coastguard solution. "We'd probably expect some of the more regional ones or some of the providers of other financial services to be the first onboard with something like this."

However, Cybersource may find it tough going selling its Firefox-based solution to the major Australian banks. None of the larger players officially support Firefox- or Linux-based access to their systems, although various online guides exist to guide Linux users through the process of configuring their system for each particular bank. The complexity of each solution varies between banks, with those that provide Java-based Internet banking (such as St George) requiring the most tweaking.

Tronson did make it clear that if necessary, his company would customise its product to a bank's needs, saying: "There are other browsers available (Netscape, Opera, etc). If necessary we would be happy to replace Firefox with one of these (subject to licensing of course) as part of the customisation process."

Tronson claimed that the main attacks against banks and banking customers were "not necessarily solved by alternative security measures such as tokens and other forms of second factor authentication", feelings which echo recent statements by Net security and encyrption guru Bruce Schneier. Tronson argued that Coastguard would be a better solution for secure Internet banking because it provided "a totally locked-down, secure operating system and applications from non-modifiable media, with DNS-lookup configurations hardwired to secured servers provided by the banks themselves".

When building Coastguard, Tronson said, Cybersource recognised that Knoppix "is not particularly friendly or familiar to the majority of people". So the company took the Linux distribution and used the open source IceWM window manager to build a "user interface that had been made to look and behave much like the Windows XP that most users are used to".

In addition, the company pared down the Linux distribution so that it would supply "just the tools necessary for the single purpose of online banking". Tronson also said his company had secured the underlying Linux system and put extra development effort into ensuring that it would "function smoothly in a far wider variety of environments" than Knoppix normally would.

Cybersource plans for banks to put their own branding onto the product and make it an officially supported secure channel for accessing Internet banking services. The company envisages banks providing bootable CDs of Coastguard alongside other branded marketing material.

Renai LeMay reported from Sydney for ZDNet Australia. For more ZDNet Australia stories, click here.

Editorial standards