Online Banking Encrypted Communication Service System SolutionProvide innovative financial services to bank customers and improve the security and service levels of online banking.

1. Five major problems that currently exist in the online banking system

In the year of 1994, Stanford Federal Credit Union offered Internet banking for the very first time. It has been 27 years of development by 2021, and now more than 90% of its business has been moved online, and it also has been moved to smartphones. "Moving" means that users can do the banking service online without going to a bank branch. 27 years have passed since the online banking system come out, but there is basically no any big innovation. However, with the popularization and application of mobile Internet, the current online banking system has been unable to meet people's needs for all-round banking services, and has even been gradually marginalized and backstaged by Internet companies. Both personal online banking services and corporate online banking services are in urgent need of innovation, and banks need to act immediately to make full use of the dividends of the mobile Internet to provide bank customers with more convenient, fast and secure online banking services.

At present, the online banking system has the following five problems that need to be solved and improved urgently:

1. First, the encryption algorithm used is very backward and very insecure!
   The USB Key certificate commonly used in online banking systems still uses 1024-bit SHA1 RSA certificates, which are not only non-compliant but also very insecure. This means that the certificate signature that online banking system relies on to confirm payment behavior may be counterfeited!
2. Second, SMS verification codes are already very insecure, but they are still widely used.
   The SMS verification code verification method commonly used in online banking services was created in the 1990s. At that time, the SMS verification code was indeed two-factor authentication of different channels and was secure. The NIST SP 800-63B pointed out that the use of SMS verification can only be an out-of-band authentication. However, now in the era of mobile Internet, using online banking apps and receiving SMS verification codes have become the same channel and the same device (in-band), which is very easy to be read by malicious apps, and no longer meets two-factor authentication (out-of-band verification), but it is still widely used, and you can pay online after receiving the verification code. SMS verification codes are also very easy to be counterfeited by fake base stations, which can cause online banking users to be deceived and suffer financial losses. The online banking system has been around for 27 years, SMS verification is already very insecure, and there is no progress or innovation in identity verification technology.
3. Third, the bank statements are all sent in cleartext email, which is very insecure, but it is still widely used.
   Electronic bills, statement, notifications sent by financial institutions such as banks to users are all cleartext emails, which not only leaks users' private information, but also brings account security issues to users, and leads to the proliferation of fraudulent emails from fake bank emails. As a result, users have been recruited and lost money. The online banking system has been around for 27 years, and it still uses cleartext mail to send bills and statement, without any technological progress or innovation.
4. Fourth, the bank telephone customer service system is not only expensive in construction and operation and maintenance, but also very inconvenient for users, but it is still widely used.
   Bank telephone customer service is not only always inaccessible on the user side, but also the cost remains high on the bank side, and it is inconvenient for users to provide screenshots to reflect online banking problems. Although the current social media or online banking app customer service is more convenient, there are still hidden security risks such as unencrypted and fake identity. The online banking system has been around for 27 years, and now it’s the era of mobile Internet, still using the telephone customer service that is often inaccessible, without any technological progress or innovation.
5. Fifth, there is no innovation in payment services, and banks have been marginalized by Internet companies.
   Computer online banking is still a very difficult USB Key authentication method, requiring a lot of driver software to be installed, and often unable to log in. Users need to change a variety of different browsers to log in to different bank online banking systems. These browsers are technically very backward and insecure, but they have to keep them in order to log in to online banking. With the popularization of the mobile Internet, although banks have also launched online banking apps, but they are mostly insecure. Some apps do not use https to encrypt communication with the server. Some apps do not validate whether the certificate is trusted even if https is enabled. Basic security checks such as whether the domain name bound to the certificate is correct and whether the certificate has been revoked don’t work before communicating with the server, which is very prone to man-in-the-middle attacks. And many online banking apps still use very insecure username/password login methods. The online banking system has been around for 27 years, and although mobile online banking apps have been added, it has brought more security risks. There is no technological progress or innovation in online banking payment.

In fact, the above five major problems are not only backward technology and lack of innovation, but also a serious violation of the related laws and regulations. It also severely restricted the healthy and rapid development of banking services. This is indeed a technical and management problem for the banking industry. We believe that an online banking system that does not solve the above five problems is not a good system. When users choose to build or upgrade their online banking system, they must carefully evaluate the above security risks and existing problems and choose appropriate technical solutions.

2. MeSign Internet Banking Service System Solution

MeSign Technology innovatively adopts mature cryptography technology, cloud computing technology and email communication technology to successfully develop the "Internet Banking Encryption Communication System" based on email communication system, effectively solves the above five major problems:

1. (1) All use the strong algorithm like RSA 2048bit/SHA2 certificate to realize identity authentication, digital signature and data encryption, and meet the requirement of related laws and regulations. Completely solve the insecure problem of the cryptographic algorithm of the above-mentioned problem one.
2. (2) Innovative service one: Using encrypted emails to send the verification code instead of insecure SMS methods, completely solve the problem that SMS verification codes may be illegally stolen by malicious apps, thereby effectively ensuring the security of online banking payments.
3. (3) Innovative service two: Use encrypted emails to send bank statements and bank bills, effectively preventing cleartext emails from leaking confidential information like bank account or credit card information, and also effectively preventing counterfeit bank email fraud. And all encrypted emails have a timestamp signature to prove that the email sent time is trusted and has legal effect, thus effectively ensuring the security of online banking services.
4. (4) Innovative service three: Use encrypted and digitally signed emails to achieve trusted identity online customer service. All customer service emails between users and banks are encrypted emails, which can not only efficiently provide services to users, but also effectively prevent frauds that impersonate bank customer service personnel occur and can reduce telephone customer service costs and improve customer satisfaction.
5. (5) Innovative service four: The use of Adobe trusted signing certificate to digitally sign online banking agreements, helping banks to completely realize paperless and digitalization. Digital signatures have the same legal effect as paper agreements.
6. (6) Innovative service five: Banks can also innovatively provide simple and fast online payments based on digital signatures and encrypted email. Because the user's identity is validated and trusted, the communication is fully encrypted, and there are legally effect digital signatures and timestamp records, the bank can innovatively provide email-based payment services-payment is completed when an email is sent, and payment is received when the email is received.

MeSign Technology adopts cryptographic technology to realize digital signature, encryption and timestamping, which meets the requirements of the related laws and regulations. It also uses encrypted email communication, but it completely is easy to use that all encryption is automatic. At the same time, it also completely solves the problem of easy-to-use but reduced security. It is not only convenient to use, but also secure and reliable, especially suitable for mobile Internet.

Based on encrypted email communication, there is a popular application foundation for worldwide user. User is very easy to get an email account for free and enjoy the free email service, but these infrastructures are not playing the best role. In fact, encrypted email communication is the most convenient, fast, secure and efficient communication method. This is a decentralized point-to-point efficient and secure communication, but it is not widely used due to the insecurity of cleartext emails and the inconvenient use of email encryption. Now, MeSign Technology has solved the hard-to-use problem of email encryption and can be widely used in online banking encrypted communication service.

MeSign Technology's five innovative online banking services based on encrypted email, digital signature and timestamp technology, completely change the way people use online banking services, making it secure and more convenient. Banks' adoption of online banking encryption service can not only improve the level of security services, but also is expected to completely reverse the situation of being marginalized in the field of mobile payment. MeSign Technology provides innovative online banking encryption service solutions based on email encryption and digital signatures that have been used in some banks now. And MeSign automated email encryption applications have covered users in 171 countries and regions around the world. Feel free to contact us for more details.