There are so many ways for thieves to steal identities that it’s hard to keep up with it all. Take, for example, keylogging. This occurs when thieves track the keystrokes of unsuspecting Internet users via surveillance software, called a keylogger recorder. If a thief can successfully install this keylogger recorder onto a computer, he/she can track literally every keystroke that a user makes.
This could include, say, email messages, instant messages, credit card information and passwords. It could be anything, really, that an Internet user does while using the Internet.
Keylogging has affected big companies. In 2003, keylogging software was found at more than 14 different Kinko locations in New York. In 2007, a Swedish bank realized it had lost more than $1 million to keyloggers and Sumitomo Banking Corporation recently found a keylogger recorder installed in its London network.
But there’s a company, StrikeForce Technologies, that’s looking to prevent keylogging with a product called GuardedID. Practical eCommerce spoke with its Executive Vice President, George Waller.
PEC: What is GuardedID?
Waller: GuardedID is a keystroke encryption software designed to protect users’ keystrokes when typing case-sensitive information, such as user names, passwords and personal information. It uses an encryption process that jumbles information into a configuration that unauthorized third-parties cannot decode or utilize.
PEC: Keylogging has obviously become a problem worldwide. And it seems to be becoming a bigger security challenge for the everyday computer user. GuardedID has been designed to stop it. How does it work?
Waller: GuardedID sits on your web-browser as a toolbar, and there are a couple pieces to it. One, when you launch your browser, it instantly opens up a second “channel” between your keystroke and the browser. In that manner, there’s not the one normal channel, there are two. Second, as soon as you start typing, our GuardedID encrypts each keystroke and it carries the keystrokes up our secure data channel, not up the normal “data stack.” It works by encrypting each online keystroke at the point of a typed key, and then reroutes that encrypted information on this separate path, directly to the users’ browsers. This avoids both malicious programs and data stacks, the places where keyloggers normally exist.
PEC: What about GuardedID’s CryptoColor? How does that technology work?
Waller: CryptoColor is our way of informing customers if their keystrokes are being safely encrypted or not. After GuardedID has been downloaded, CryptoColor assigns either a red or green highlighting to each text box on any web browser. If the text box is highlighted green, for example, your keystrokes can be safely encrypted and rerouted. We’ll also tell you, with the red highlighting, if a text box cannot be encrypted due to an unusual technology or some other reason. We’re the first company that not only tells you when you’re safe, but shows you (with CryptoColor) when you’re safe. We’ll tell you if it’s unsafe to type in that box.
PEC: Has GuardedID been tested?
Waller: PC Magazine recently took the 10 most fearsome keyloggers that they could find, and not one of them could beat GuardedID. Also, several labs throughout Brazil and Canada tested GuardedID against over 50 key loggers. Not one of them could steal the keystrokes.
PEC: How much does it cost?
Waller: The software license is $29.99, and we also offer a 30-day free evaluation.