Madrock

Tag: standards

SCADA General Audit Questions

by Derek on Nov.05, 2009, under SCADA

General Questions

  • How can users gain access to the SCADA application?
  • Objective to consolidate access to all information sources – i.e. to make access available to all users via a single interface
  • Are any RAS modems utilised within the SCADA environment?
  • Is the RAS call back feature utilised?
  • Is the mandatory RAS encryption feature used?
  • Are users allowed multiple attempts at authentication on the RAS?
  • Has the RAS auditing feature been enabled?
  • How is access between the business / corporate network and SCADA network controlled?
  • How is the administrator password controlled?
  • How is vendor access to the SCADA network controlled – i.e. password changes after contract has been completed?
  • Are SLAs for outsourced support agreements reviewed on a periodic basis?
  • Are critical components of the SCADA Network supported by a UPS and are these batteries tested on a regular basis to ensure that they are reliable?
  • What capacity management and monitoring of critical SCADA network systems is performed (i.e. CPU utilisation and hard disk drive space)?
  • Are legal captions utilised during the login process to the SCADA application and associated infrastructure / devices?
  • Has an intrusion detection system (IDS) been deployed within the SCADA environment?
  • Has security been a focus within the development and deployment of the SCADA network?
  • Are additional staff screenings performed when staff are hired to work within the SCADA environment (inclusive of vendors etc)?

Policies & Procedures

  • Is there a defined security strategy for the SCADA environment?
  • Who is responsible / accountable for security management within SCADA environment? Has the ownership of this responsibility been clearly defined and/or stated in any documentation?
  • Are there any periodic security reviews of the SCADA network performed?
  • What procedures are in place to handle the disposal of SCADA network media and devices? Additionally, is there a process in place for the disposal of confidential information / documentation?
  • Are there any policies or procedures covering the introduction of new devices to the SCADA environment?
  • What formal change control procedures exist for the SCADA environment?
  • Does a formal disaster recovery plan exist for the SCADA environment?
  • Does a formal business continuity plan exist for the SCADA environment?
  • Do physical and logical security standards differ significantly between SCADA sites?
  • Has a standard operating environment (SOE) minimum baseline standard been developed for systems being introduced into the SCADA environment?
  • What security logs are maintained for critical computer equipment and how often are the logs reviewed?
  • Who is responsible for the reviewing of security logs?
  • Has access to event logs been restricted?
  • Upon commencement of employment, are users provided with IT security information as part of the induction process? Additionally, are users provided with further information on security issues on a periodic basis?
  • What procedures exist to monitor dial-in access?
  • Is there a formally defined backup and recovery procedure?
  • Are encryption techniques and/or passwords applied to backup tapes?

Physical Access

  • How is physical access to SCADA terminals controlled?
  • Are SCADA control rooms segregated from other rooms?
  • What building security exists at remote sites to prevent unauthorised access?
  • What authentication methods are used at remote sites to allow access – i.e. swipe cards?
  • Are external windows at remote sites barred?
  • What alarm systems have been employed at remote sites?

Network Security

  • Have all deployed routers been configured to ensure the filtering of communications that are unauthorised or not required?
  • What traffic control and monitoring capabilities have been deployed – i.e. does all communication travel to a central point before traversing further on the network?
  • How are dial-in facilities to the SCADA environment secured?
  • How is suspicious or unusual activity on the SCADA WAN detected?
  • What firewall configurations have been set up to segregate the SCADA WAN from the United Water corporate network?
  • Are all key filtering devices on the network (such as routers and firewalls) configured to log all attempts to access the network? If so are they reviewed on a regular basis?
  • Have the auditing features of all routers and firewalls been enabled?
  • Has access to event logs been restricted?
  • How is the management of patches / hot fixes controlled in regards to firewalls and routers?
  • What backup and recovery measures are in place for network resources – firewalls and routers?
  • Has SNMP been implemented on core infrastructure?
  • Has any wireless equipment been deployed within the SCADA environment – has this been configured to a secure state?
  • Are all default passwords removed from SCADA devices after implementation?
  • Does a development environment exist to test changes prior to deployment into the SCADA network production environment?

Workstation Security

  • What operating systems (version) are installed on SCADA terminals?
  • Have operating system level passwords been activated on all SCADA terminals?
  • Do passwords have an indefinite expiry date?
  • What file and directory permission controls have been implemented on SCADA terminals to restrict unauthorised access by general users?
  • What logs are generated at the operating system level?
  • Has access to event logs been restricted?
  • What tools and services at the operating system level have been restricted for general users?
  • Who is responsible for patch management of SCADA terminals?
  • Has an audit feature been enabled for all SCADA terminals?
  • Are default services available with the operating system restricted?
  • Is virus protection implemented? Is this software manually or automatically updated?
  • Are shares enabled on SCADA terminals / workstations?
  • Are SCADA terminals backed up on a regular basis?
  • Is registry auditing of SCADA terminals performed?
  • Are user reviews and associated access rights performed on a regular basis?

SCADA Application Security

  • What are the username and password requirements of SCADA application?
  • Are session time out features activated?
  • Are complex passwords enforced to access the SCADA application?
  • Are user reviews and associated access rights performed on a regular basis?

System Penetration Testing

  • Internal penetration testing
  • External penetration testing
  • Password strength tests

Changes to the SCADA network

  • Please provide / list all potential changes being considered to the SCADA network.

Mobile Banking Security and Risk Assessment Considerations

by Derek on Aug.05, 2008, under Banking and EFTPoS, Security

When considering Mobile Banking security and the associated risk, the assessment approach depends greatly on the solution being created or provided.
Generally the approach is based on layered standards supporting and surrounding the technologies and techniques used.

Here are some things to consider.

Security assessments generally focus on two main things.

1/ Sensitivity of the data
What is being sent. eg. Pin, credit card numbers, account balance, home address, bank account number, etc.
Data may not be sensitive to the bank, but may be considered by the client as sensitive.
etc……….

2/ Opportunity to access the data.
What medium is being used?
Is it easy to hack?
What encryption is being used?
Are all data paths secure (client and back end)?
Is there a 3rd party involved in the switching of the transactions?
etc………

Things to consider:

  • PIN resets sent via SMS to the client should not be used as the only method of accessing accounts. An additional client-specific (possibly static) password/phrase should be used in addition to a dynamically generated PIN. SMS can be sniffed (depending on mode and location).
  • If WAP is used, are all devices capable of encryption? If devices are not capable of encryption, do we deny access to these devices? If client-side Java or an intelligent device (Win CE, etc.) is used, ensure this cannot be compromised by Trojans and other key logging techniques.
  • Has the organisation considered client side certificates to verify the device prior to transactions being accepted? Consider multiple device and user identification methods (very solution dependent).
  • Most mobile POS terminals encrypt the client entered Pin number, but do not encrypt everything within the transaction. If the transmission medium is compromised, we should consider if the encryption can be cracked and if unencrypted data is sensitive. Consider additional data encryption encapsulation i.e. use of all of message encryption (SSL, IPSEC) or use a terminal that utilises Derived Unique Key Per Transaction (DUKPT).
  • Many banking applications have been affected by typical hacks such as session hijacking, SQL injection, non random session keys (client side and server side), etc… These typical hacks should be considered in your Secure SDLC and QA Processes once you are aware of the technology used and/or deployed.
  • PBX systems and cabling distribution frames can have devices connected to collect transactions. Wireless devices are now being connected to these systems. The attacker sits in their car in the car park outside. This is often done in supermarkets.
  • Traffic through wireless transaction gateways, if not encrypted, is easily collected by anyone within wireless range. 802.11 and other wireless/infra-red mediums are being used (assess the technology and medium being used).
  • Has the organisation considered dynamic keys for mobile users? There are some very low cost SecurID-type solutions available today, but customers need to have these devices on them when they want to do a transaction.

Technology is always being challenged

by Derek on Jun.18, 2008, under RFID

I read a very interesting paper created by the University of Massachusetts, RSA Laboratories and Innealta, Inc.

This paper primarily relates to the compromise of contactless payment technologies (RFID) when the RFID and/or reader have not been implemented correctly, or when the solution provider has used an inappropriate type of RFID. It also discusses the challenges around Chip and Pin with respect to financial transactions, e.g. EMV standards and compliance.

Additionally, the paper describes an RFID relay method which is being discussed within many forums around the world, and we have now begun to see equipment being produced for RFID skimmers/cloners to use for malicious means.

The overarching point of this paper is to use appropriate RFID & Chip solutions which support the security/privacy of the user and the purpose of the transaction (financial or non-financial).

The paper can be found at http://prisms.cs.umass.edu/~kevinfu/papers/RFID-CC-manuscript.pdf

In modern payment RFID & Chip solutions, newer devices can be used which possess a high degree of processing power and are therefore able to execute strong cryptographic methods (such as digital signatures) to protect the identification and payment information whilst the transaction is occurring.

These systems often utilise bidirectional authentication between the RFID/Chip scanner and the RFID tag/Chip prior to performing the transaction. These methods and cryptographic algorithms are accepted and proven to work within the traditional payment markets.

As mentioned in the paper, some solutions store static digitally signed and/or encrypted data which is provided to the RFID/Chip reader when queried, but this data never changes from one transaction to another. This may allow a malicious individual to capture and re-inject the data into the reader at a later stage. The alternative to storing static digitally signed and/or encrypted data is to negotiate a key exchange at the time of the transaction in which the card/value information is encrypted and subsequently transmitted. With this method the transmitted data changes on every transaction and therefore even if a malicious individual were to capture the encrypted transaction data from one transaction, this would not be accepted by the reader if re-injected at a later stage.
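The difference between static and per-transaction data can be seen in a small model, added here as an example and not taken from the paper or from any payment scheme. It assumes a symmetric key shared by card and reader and uses an HMAC-SHA256 tag keyed by a per-transaction session key in place of the key exchange and encryption described above; the class names, key and card data are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes

# Constructed sample values, not real card data or keys.
CARD_KEY = bytes(range(32))
CARD_DATA = b"PAN=0000000000000000;EXP=0000"


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class StaticCard:
    """Stores one authenticated blob and returns it on every read."""

    def __init__(self, key: bytes, data: bytes):
        self._blob = data + _mac(key, data)

    def respond(self, challenge: bytes) -> bytes:
        return self._blob  # the reader's challenge is ignored


class DynamicCard:
    """Derives a fresh session key from the reader's challenge each time."""

    def __init__(self, key: bytes, data: bytes):
        self._key, self._data = key, data

    def respond(self, challenge: bytes) -> bytes:
        session_key = _mac(self._key, b"session" + challenge)
        return self._data + _mac(session_key, self._data)


class Reader:
    """Hypothetical reader; `dynamic` selects which scheme it verifies."""

    def __init__(self, key: bytes, dynamic: bool):
        self._key, self._dynamic = key, dynamic
        self._challenge = None

    def new_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def verify(self, response: bytes) -> bool:
        if self._challenge is None or len(response) <= TAG_LEN:
            return False
        # A challenge is valid for exactly one verification attempt.
        challenge, self._challenge = self._challenge, None
        data, tag = response[:-TAG_LEN], response[-TAG_LEN:]
        if self._dynamic:
            key = _mac(self._key, b"session" + challenge)
        else:
            key = self._key
        return hmac.compare_digest(tag, _mac(key, data))


def run_transaction(reader, card):
    response = card.respond(reader.new_challenge())
    return response, reader.verify(response)


def replay(reader, captured: bytes) -> bool:
    """Present data recorded from an earlier transaction to a new one."""
    reader.new_challenge()
    return reader.verify(captured)


def compare_schemes() -> dict:
    results = {}
    schemes = (("static", StaticCard, False), ("dynamic", DynamicCard, True))
    for name, card_cls, dynamic in schemes:
        card = card_cls(CARD_KEY, CARD_DATA)
        reader = Reader(CARD_KEY, dynamic)
        first, ok1 = run_transaction(reader, card)
        second, ok2 = run_transaction(reader, card)
        results[name] = {
            "genuine_accepted": ok1 and ok2,
            "response_changes": first != second,
            "replay_accepted": replay(reader, first),
        }
    return results


if __name__ == "__main__":
    for scheme, outcome in compare_schemes().items():
        print(scheme, outcome)
```

The static scheme verifies correctly and still accepts the recorded response; the dynamic scheme rejects it because the tag is bound to a challenge the reader has already consumed.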

Although this is the case today, older RFID/Chip solutions often use technologies which are not appropriate for financial transactions and therefore may be compromised easily and in some cases without the knowledge of the card holder, merchant or acquirer.

I find it interesting how some of these less secure solutions have been approved for use by acquiring banks and the card schemes around the world (if they were told) in recent years, where it has been seen that these solutions have utilised techniques or deployment methods which can be compromised. These technologies and techniques would never be approved within the Point of Sale (PoS) or traditional banking markets.

It can only be assumed that the need to get product to market quickly at the expense of proper testing, understanding and with due consideration to industry lessons learnt has succeeded again.


ISO 14443 contactless card

by admin on Mar.24, 2008, under RFID

An international standard for proximity or contactless smart card communication

ISO 14443 is an international standard which describes how contactless cards and terminals should work to ensure industry-wide compatibility, for example in identity, security, payment, mass-transit and access control applications.

ISO standards are developed by the ISO, the International Organization for Standardization. Technical committees comprising experts from the industrial, technical and business sectors develop the standards to increase levels of quality, reliability and interoperability on a global scale.

Gemplus has always had a strong involvement in ISO definition of the chip card standards, and has been represented in the development of this international standard. The ISO 14443 is divided into 4 separate parts outlining physical characteristics, radio frequency power and signal interface, initialization and anti-collision and transmission protocol.

Gemplus has developed a wide range of contactless payment solutions based on the ISO 14443 international standard. The speed and convenience of contactless technology has created a significant demand for this sort of solution in environments such as fast food restaurants, gas stations, public transport services, banks and many others.


Bluetooth

by admin on Mar.24, 2008, under Bluetooth

Source

Bluetooth is an industrial specification for wireless personal area networks (PANs).

Bluetooth provides a way to connect and exchange information between devices like personal digital assistants (PDAs), mobile phones, laptops, PCs, printers and digital cameras via a secure, low-cost, globally available short range radio frequency.

Bluetooth lets these devices talk to each other when they come in range, even if they’re not in the same room, as long as they are within 10 metres (32 feet) of each other.

The spec was first developed by Ericsson, later formalised by the Bluetooth Special Interest Group (SIG). The SIG was formally announced on May 20, 1999. It was established by Sony Ericsson, IBM, Intel, Toshiba and Nokia, and later joined by many other companies as Associate or Adopter members.

About the name

The system is named after a Danish king Harald Blåtand (Harold Bluetooth in English), King of Denmark and Norway from 935 and 936 respectively, to 940 known for his unification of previously warring tribes from Denmark, Norway and Sweden. Bluetooth likewise was intended to unify different technologies like computers and mobile phones. The Bluetooth logo merges the Nordic runes for H and B.

General information

A typical Bluetooth mobile phone headset

The latest version currently available to consumers is 2.0, but few manufacturers have started shipping any products yet. Apple Computer, Inc. offered the first products supporting version 2.0 to end customers in January 2005. The core chips have been available to OEMs (from November 2004), so there will be an influx of 2.0 devices in mid-2005. The previous version, on which all earlier commercial devices are based, is called 1.2.

Bluetooth is a wireless radio standard primarily designed for low power consumption, with a short range (up to 10 meters [1]) and with a low-cost transceiver microchip in each device.

It can be used to wirelessly connect peripherals like printers or keyboards to computers, or to have PDAs communicate with other nearby PDAs or computers.

Cell phones with integrated Bluetooth technology have also been sold in large numbers, and are able to connect to computers, PDAs and, specifically, to handsfree devices. BMW was the first motor vehicle manufacturer to install handsfree Bluetooth technology in its cars, adding it as an option on its 3 Series, 5 Series and X5 vehicles. Since then, other manufacturers have followed suit, with many vehicles, including the 2004 Toyota Prius and the 2004 Lexus LS 430. The Bluetooth car kits allow users with Bluetooth-equipped cell phones to make use of some of the phone’s features, such as making calls, while the phone itself can be left in a suitcase or in the boot/trunk, for instance.

The standard also includes support for more powerful, longer-range devices suitable for constructing wireless LANs.

A Bluetooth device playing the role of “master” can communicate with up to 7 devices playing the role of “slave”. At any given instant in time, data can be transferred between the master and one slave; but the master switches rapidly from slave to slave in a round-robin fashion. (Simultaneous transmission from the master to multiple slaves is possible, but not used much in practice). These groups of up to 8 devices (1 master and 7 slaves) are called piconets.

The Bluetooth specification also allows connecting two or more piconets together to form a scatternet, with some devices acting as a bridge by simultaneously playing the master role in one piconet and the slave role in another piconet. These devices have yet to come, though are supposed to appear within the next two years.

Any device may perform an “inquiry” to find other devices to which to connect, and any device can be configured to respond to such inquiries.

Pairs of devices may establish a trusted relationship by learning (by user input) a shared secret known as a “passkey”. A device that wants to communicate only with a trusted device can cryptographically authenticate the identity of the other device. Trusted devices may also encrypt the data that they exchange over the air so that no one can listen in.

The protocol operates in the license-free ISM band at 2.45 GHz. In order to avoid interfering with other protocols which use the 2.45 GHz band, the Bluetooth protocol divides the band into 79 channels (each 1 MHz wide) and changes channels up to 1600 times per second. Implementations with versions 1.1 and 1.2 reach speeds of 723.1 kbit/s. Version 2.0 implementations feature Bluetooth Enhanced Data Rate (EDR), and thus reach 2.1 Mbit/s. Technically version 2.0 devices have a higher power consumption, but the three times faster rate reduces the transmission times, effectively reducing consumption to half that of 1.x devices (assuming equal traffic load).

Bluetooth differs from Wi-Fi in that the latter provides higher throughput and covers greater distances but requires more expensive hardware and higher power consumption. They use the same frequency range, but employ different multiplexing schemes. While Bluetooth is a cable replacement for a variety of applications, Wi-Fi is a cable replacement only for local area network access. A glib summary is that Bluetooth is wireless USB whereas Wi-Fi is wireless Ethernet.

Many USB Bluetooth adapters are available, some of which also include an IrDA adapter.

Embedded Bluetooth

Bluetooth devices and modules are increasingly being made available which come with an embedded stack and a standard UART port. The UART protocol can be as simple as the industry standard AT protocol, which allows the device to be configured to cable replacement mode. This means it now only takes a matter of hours (instead of weeks) to enable legacy wireless products that communicate via UART port.

Features by version

Bluetooth 1.0 and 1.0B

Versions 1.0 and 1.0B had numerous problems and the various manufacturers had great difficulties in making their products interoperable. 1.0 and 1.0B also had mandatory Bluetooth Hardware Device Address (BD_ADDR) transmission in the handshaking process, rendering anonymity impossible at a protocol level, which was a major set-back for services planned to be used in Bluetooth environments, such as Consumerism.

Bluetooth 1.1

In version 1.1 many errata found in the 1.0B specifications were fixed. There was added support for non-encrypted channels.

Bluetooth 1.2

This version is backwards compatible with 1.1 and the major enhancements include

  • Adaptive Frequency Hopping (AFH), which improves resistance to radio interference by avoiding using crowded frequencies in the hopping sequence
  • Higher transmission speeds in practice
  • extended Synchronous Connections (eSCO), which improves voice quality of audio links by allowing retransmissions of corrupted packets.
  • Received Signal Strength Indicator (RSSI)
  • Host Controller Interface (HCI) support for 3-wire UART
  • HCI access to timing information for Bluetooth applications.

Bluetooth 2.0

This version is backwards compatible with 1.x and the major enhancements include

  • Non-hopping narrowband channel(s) introduced. These are faster but have been criticised as defeating a built-in security mechanism of earlier versions; however frequency hopping is hardly a reliable security mechanism by today’s standards. Rather, Bluetooth security is based mostly on cryptography.
  • Broadcast/multicast support. Non-hopping channels are used for advertising Bluetooth service profiles offered by various devices to high volumes of Bluetooth devices simultaneously, since there is no need to perform handshaking with every device. (In previous versions the handshaking process takes a bit over one second.)
  • Enhanced Data Rate (EDR) of 2.1 Mbit/s.
  • Built-in quality of service.
  • Distributed media-access control protocols.
  • Faster response times.
  • Halved power consumption due to shorter duty cycles.

Future Bluetooth uses

One of the ways Bluetooth technology may become useful is in Voice over IP. When VOIP becomes more widespread, companies may find it unnecessary to employ telephones physically similar to today’s analogue telephone hardware. Bluetooth may then end up being used for communication between a cordless phone and a computer listening for VOIP and with an infrared PCI card acting as a base for the cordless phone. The cordless phone would then just require a cradle for charging. Bluetooth would naturally be used here to allow the cordless phone to remain operational for a reasonably long period.

Security concerns

In November 2003, Ben and Adam Laurie from A.L. Digital Ltd. discovered that serious flaws in Bluetooth security lead to disclosure of personal data (see http://bluestumbler.org). It should be noted however that the reported security problems concerned some poor implementations of Bluetooth, rather than the protocol itself.

In a subsequent experiment, Martin Herfurt from the trifinite.group was able to do a field-trial at the CeBIT fairgrounds showing the importance of the problem to the world. A new attack called BlueBug was used for this experiment.

In April 2004, security consultants @Stake revealed a security flaw that makes it possible to crack into conversations on Bluetooth based wireless headsets by reverse engineering the PIN.

This is one of a number of concerns that have been raised over the security of Bluetooth communications. In 2004 the first purported virus using Bluetooth to spread itself among mobile phones appeared for the Symbian OS. The virus was first described by Kaspersky Labs and requires users to confirm the installation of unknown software before it can propagate. The virus was written as a proof-of-concept by a group of virus writers known as 29a and sent to anti-virus groups. Because of this, it should not be regarded as a security failure of either Bluetooth or the Symbian OS. It has not propagated ‘in the wild’.

In August 2004, a world-record-setting experiment (see also Bluetooth sniping) showed that with directional antennas the range of class 2 Bluetooth radios could be extended to one mile. This enables attackers to access vulnerable Bluetooth-devices from a distance beyond expectation.

Bluetooth uses the SAFER+ algorithm for authentication and key generation.

Bluetooth profiles

In order to use Bluetooth, a device must be able to interpret certain Bluetooth profiles. These define the possible applications. The following profiles are defined:

  • Generic Access Profile (GAP)
  • Service Discovery Application Profile (SDAP)
  • Cordless Telephony Profile (CTP)
  • Intercom Profile (IP)
  • Serial Port Profile (SPP)
  • Headset Profile (HSP)
  • Dial-up Networking Profile (DUNP)
  • Fax Profile
  • LAN Access Profile (LAP)
  • Generic Object Exchange Profile (GOEP)
  • Object Push Profile (OPP)
  • File Transfer Profile (FTP)
  • Synchronisation Profile (SP)

This profile allows synchronisation of Personal Information Manager (PIM) items. As this profile originated as part of the infra-red specifications but has been adopted by the Bluetooth SIG to form part of the main Bluetooth specification, it is also commonly referred to as IrMC Synchronisation.

  • Hands-Free Profile (HFP)
  • Human Interface Device Profile (HID)
  • Hard Copy Replacement Profile (HCRP)
  • Basic Imaging Profile (BIP)
  • Personal Area Networking Profile (PAN)
  • Basic Printing Profile (BPP)
  • Advanced Audio Distribution Profile (A2DP)
  • Audio Video Remote Control Profile (AVRCP)
  • SIM Access Profile (SAP)

Compatibility of products with profiles can be verified on the Bluetooth Qualification website.


What changes to contactless standards and technology are expected in the future?

by Derek on Mar.24, 2008, under RFID

Many vendors are actively developing new technologies to address the increasing market need for secure contactless technologies for a wide variety of applications. Changes in government regulations will also provide opportunities for enhancing contactless technology performance. It is important to note, however, that standards development is a lengthy process so it takes time for new technology developments to be reflected in standards that help to drive the availability of interoperable solutions. A few examples of new technologies that are expected include:

  • Changes to technology based on the ISO/IEC 15693 standard. Contactless cards supporting the ISO/IEC 15693 standard currently operate at 1.65 Kb/sec to meet FCC limits on sideband power in this frequency range. The FCC is expected to lift its restriction in late 2002, which would allow cards based on the ISO/IEC 15693 standard to improve their data rates.
  • Changes for higher speed operation. ISO working groups plan to add higher speed modes of operation to ISO/IEC 14443. This will increase the speed supported by this standard from 106 Kb/sec to the 848 Kb/sec that has already been demonstrated by IC manufacturers.
  • Alternative access control reader networking solutions. Wireless readers offer a significant advantage in lower costs of installation, particularly in older facilities. New security approaches can ensure strong authenticated channels between hosts or panels and new wireless readers. IP readers also permit direct connectivity to LAN-based management and control applications.
  • The ability for a single contactless chip in a card to operate in full ISO/IEC 14443 and ISO/IEC 15693 modes.

New e-Commerce and Payment Technologies Company

by admin on Mar.24, 2008, under Banking and EFTPoS

Recently I came across a new e-Commerce company called EFT Networks, which seems to have an exciting future in the Global Payments Market.

It looks like they have a good mix of consulting and solution design.

www.eftnetworks.com

Services

Electronic Payment

Designed to enable both credit card and direct debit, EFT Networks electronic payment solutions work effectively across multiple sales channels—including Web, Contact Call Centre, IVR and EFTPOS. Manage your payment processing system in-house or outsource, depending on your business needs.

Global Payments

International commerce requires fully integrated global payment and risk management solutions. Requirements span the gamut of payment acceptance considerations from accepting local payment types, pricing in local currencies and dynamically updating prices with changes in exchange rates (dynamic currency conversion), authorising and settling in multiple currencies, to managing fraud and compliance issues such as tax and export regulations. EFT Networks offers a single interface to the global payment network to handle all of these considerations as your business grows.

ICE – Reporting & Management

The EFT Networks Enterprise Business Center gives you a single, easy-to-use interface for managing and configuring payment processing services.

ICE caters for each area of the payment transaction cycle from authentication, authorisation, settlement, dispute resolution and reconciliation – enabling our clients to reduce transaction costs, eliminate fraud, minimise risk, maximise cash flow and increase profitability.

Integrations

EFT Networks provides flexible and secure payment and risk management integrations in to host and legacy systems as well as industry-leading software.

Using industry standards and protocols, our solutions can be customised to suit your exact business requirements.

Products

ICE (Intelligent Communications Exchange)

At the core is our Intelligent Communications Exchange (ICE) which enables all known transaction enablers from EFTPOS to eCommerce to be routed directly to a client’s bank without intervention for real time acceptance and authentication.

The EFT Networks ICE operates under a philosophy of total System and Physical redundancy delivering the highest uptime rates possible, whilst the transaction network is protected using Solid State and Application Firewalls on all points of ingress and egress.

Every transaction processed through EFT Networks is encrypted using 128 bit Secure Socket Layer (SSL) encryption and submitted for authorisation through EFT Networks “Secure Virtual Private Network” (SVPN).

Our commitment to security is also reflected in our swift compliance with Card Schemes security initiatives such as VerifiedByVisa and MasterCard SecureCode.

EFT Networks' comprehensive suite of online reporting tools combined with daily transaction reports will ensure that our clients always have access to up-to-date management information allowing Business Managers to make quick and well-informed business decisions. The decision making process is simplified even further with the power of daily reports that are customised to be imported into most existing legacy systems.
