The financial industry includes many important sectors, including banks, securities, funds and foreign exchange, so a large number of emails need to be processed every day. These emails often contain confidential financial information of clients and partners, yet they are all sent as cleartext emails, which are easy to intercept and tamper with. This is an email security problem that must be resolved as soon as possible.
To ensure the security and confidentiality of the email, the content of the email itself must be encrypted. To ensure that the email is authentic and cannot be counterfeited, every outgoing email must be digitally signed. To ensure that the sending time of the email is trustworthy, every outgoing email must be timestamped.
Financial organizations can simply replace their current email client with MeSign APP to achieve full encryption, end-to-end encryption and fully automatic encryption, as well as fully automatic digital signatures and timestamps. If financial organizations consider it impractical to change their email client, they can deploy MeSign Mail Gateway to encrypt every outgoing email without changing the email client.
We also recommend that financial organizations deploy their own cryptographic key management system (KM) to fully control their encryption keys and meet the high security requirements of email security. Using MeSign for end-to-end email encryption lets financial organizations go truly mobile while meeting those high security requirements easily.
As shown in the following diagram on the left, in order to keep the encryption key highly secure and under its control, the financial organization only needs to connect the plug-and-play KM device to its intranet. All staff computers and mobile devices must be able to connect to the KM device to obtain the private key of the encryption certificate. Once the encryption certificate has been obtained, email encryption works normally. The KM device cannot access the Internet and only accepts connections from employee computers and mobile devices on the intranet, which protects both the device and the private key. Financial organizations can also build their own CA to issue certificates to their users instead of using the MeSign default CA. MeSign provides a plug-and-play CA device that only needs to be connected to the internal network; MeSign APP then obtains the signing certificate and the encryption certificate from this in-house CA system rather than from the MeSign default CA.
In other words, the MeSign encryption solution allows financial organizations to achieve complete and autonomous control of confidential emails simply by managing and controlling the encryption keys and/or issuing the certificates themselves, even when the application environment is untrusted.
The financial industry includes many important sectors, including banks, securities, funds and foreign exchange. Every day a large number of paper documents and forms need to be processed, such as opening bank accounts, applying for loans, credit card applications, foreign exchange trading agreements, fund purchase agreements and internal document signing. These have begun to shift to paperless processing, but the problem is how to ensure that the electronic documents were really issued by the financial institution and have not been impersonated or tampered with. At present, the only feasible technical solution is to digitally sign all financial documents in PDF with a timestamp and send them to users in encrypted form.
MeSign not only provides a digital signature automation solution that lets the PDF documents generated by internal financial systems receive a trusted digital signature with one click, but also provides an email signature and encryption automation solution that helps the financial systems send the signed PDF documents to users by encrypted email. Together these give the electronic files a reliable, non-counterfeitable digital signature and make their delivery more secure.
As shown in the above diagram on the right, the user handles banking services on the online banking system and fills in forms online. After completing a form, the user can sign by hand on the business system or use the corporate online banking USB Key certificate to submit it to the bank management system. After processing is completed, the bank system calls the cloud-based MeSign eSigning Service or the locally deployed MeSign e-Signature System to sign the PDF file with an Adobe-trusted certificate. For services that do not require the user to fill in a form (such as bank bills, statements, announcements or notices), the bank system can call the MeSign eSigning Service directly to sign the generated PDF file.
It is recommended to encrypt all important financial documents. The system only needs to query the MeSign public key certificate database (CerDB) to obtain the user's encryption certificate and encrypt the PDF file with it; the user can then view the encrypted PDF file seamlessly in Adobe Reader. The financial system sends encrypted emails to users using the user's encryption certificate, ensuring secure and reliable delivery of the user's confidential documents. Users only need MeSign APP to decrypt and read the documents.
This solution has four advantages to ensure that all important financial documents are trusted paperless and encrypted in delivery:
At present, mobile payment is a popular public service in the financial field, but its security issues keep emerging and the threats are becoming increasingly serious. They mainly appear in two areas: first, mobile payment authentication relies on SMS verification codes; second, financial bills and account password reset hyperlinks are sent by plaintext email.
For the first security issue, the SMS verification code can be intercepted by a fake base station or by malware on the mobile phone, resulting in financial loss. The SMS verification code has changed from an out-of-band authentication method in the PC Internet era to an in-band authentication method in the mobile Internet era, since the code is received on the same device that performs the transaction. In this way, SMS verification completely loses the technical foundation for use as an authentication method. NIST SP 800-63B “Digital Identity Guidelines” states: “out-of-band authentication using the PSTN (SMS or voice) is deprecated, and is being considered for removal in the future editions of this guideline”.
For the second security issue, a financial bill or statement obviously contains a great deal of sensitive and confidential information. Sending it by plaintext email makes it easy to steal, which causes the bank's user to suffer property damage and, beyond the harm to the user, causes irreparable damage to the reputation of the financial institution. Therefore, some banks send a plaintext email only to inform users to log in to the bank's official website for safe viewing, and some banks use a social network APP to send important bills. These are compromise measures.
A better solution is to send verification codes through encrypted email instead of SMS; to retrieve or reset account passwords by encrypted email instead of cleartext email; to send financial bills and statements to users via digitally signed, encrypted emails, which helps users identify fraudulent emails; and to provide online customer service by encrypted email instead of online chat.
How is the encrypted email sent? The financial system calls the MeSign Mail API to obtain the public key of the user's encryption certificate, after which the system can automatically encrypt and send financial bills and statements, notifications and other public service information to users as encrypted emails, ensuring the security of the user's confidential information.
In addition, the Email API provides an interface for checking whether a user has used MeSign APP. If the user has not, the API returns NO, and the financial system should first send an unencrypted email telling the user how to download and install MeSign APP in order to receive encrypted email; the system can then send the encrypted email to the user.
As shown in the diagram on the right, MeSign builds and maintains a global public key certificate database (CerDB). This innovative technology enables the Email API to provide financial institutions with the encryption certificate public key for any email address, so the financial system can seamlessly send encrypted notification emails to all users.
MeSign APP is completely free and supports Windows, Android and iOS. Bank users can download and install MeSign APP in just a few minutes and decrypt the encrypted emails delivered by the bank system, keeping the confidential information related to their bank account secure.