About

The problem

In a world where all transactions are now able to be completed virtually, it is time to address the simple fact that software alone cannot secure the internet.
Over the last few years, as interaction with our banks, shops, and Government has moved wholly online, various systems have been developed, and discarded, to secure transactions.

The problem with the current systems:

  • Single use token or password generators are subject to man-in-the-middle interception.
  • 2-factor authentication using SMS or email is no longer an accepted industry standard — once a smart phone is compromised, this system is not adequately secured.
  • Check codes, such as CCV codes, can be manually obtained — as you have to provide them, they aren’t secure or secret, and are compromised if a wallet is lost or stolen.
  • Password based proprietary authentication systems are subject to man-in-the-middle interception, session hacking, and pharming.

Conventional technology approaches result in the creation of siloed hardware, software and layers of security services over the top of each of these. Identity databases are replicated across systems, online and store front payments networks are separate, separate web server environments and multiple departmental networks then all require security layers applied across each.

Ultimately, current verification systems can’t match the authentication security of private networks, such as ATMs, nor the useability that is now demanded by consumers.

The Solution

Let us introduce you to a new global benchmark which secures the way you live and work on the internet


 

VeroGuard is a unique technology that enables online authentication and encrypted transmission across fixed and mobile networks with same level of identity security as the ATM network. VeroGuard is the first and only secure open internet based login to the cloud or enterprise networks. It is a proven ultra-secure technology using an anchored ID and multi-factor authentication providing true digital identity verification.

VeroGuard is a joint software-hardware encryption solution invented by the people behind ATM network and wireless EFTPOS security technology. It guarantees the authenticity of the user and protects the data of both customer and merchant throughout the payment or transaction process. VeroGuard is the only system to offer 'card holder present' for transactions completed over the internet, cutting off 'card-not-present' fraud.

The core of this technology — security, identity, payments — has been proven successfully in operation for a financial institution since 2011 serving approximately 7,000 merchants. This environment has processed more than 54 million transactions and operates in some of the most remote areas in the world on minimal communications. It also provides more data, auditing and evidence points than any other solution currently available. This has been used successfully on many occasions to confirm no fraud has ever occurred within the Vero network.

The VeroGuard network integrates into existing systems and processes. Moving to VeroGuard protection does not require any IT upgrades. It has been assessed and is recognised by the CSIRO's Data61 group and other global technology industry partners.
Want to read more about our solution, VeroVault

How does it work?

Using a black box to black box transmission of encrypted data, secured by a hardware solution, VeroGuard is the only technology that can provide fully-secured identity and authentication capability for any interaction over the internet. Highly scalable, it is a plug and play system built on Microsoft .Net platform.

The VeroGuard service leverages an ATM level Security Module to provide a secure authenticated and encrypted connection over the internet at the same level of security currently utilised worldwide by financial institutions on ATM, EFTPOS and SWIFT Networks. Implemented by a bank in the South Pacific,  the VeroGuard backbone has been running faultlessly in a financial network since 2011.

VeroGuard security is based on published standards AS2805 and ISO 8583, and Derived Unique Key Per Transaction (DUKPT) which is specified in ANSI 9.24, not on proprietary algorithms, and built to comply with ISM, IRAP, PCI DSS, ISO 8583 and ISO27001 standards.

A key capability underpinning the entire platform is the cyber security. No other solution globally is capable of running a multi-point, multi-direction, distributed black blox connections over the internet and open networks (using a DUKPT method with a combination of asynchronous double handshake tripleDES, AES and RSA encryptions, which meets ISO 8583 and ISO 2580 specifications over the internet). VeroGuard Systems has developed the switching, miniaturised black box hardware and unique encryption security protocols – each a global first.

The Vero Identity layer can be re-used and recognised without extra infrastructure for systems access, physical building security, secure document transfer, authorisation of transactions and payments.

Similar to the banking network, the Vero switching capability means that the Australian TDIF protocols could be exchanged with other countries identity frameworks in the future automatically enabling international Identity authentication transactions to be secure and trusted.

What is VeroCard?

Worried about the security of your identity information on your phone, skimming of your credit cards or the loss of your wallet with all your information? The VeroCard is the ultimate in personal security of your most precious personal details as well as protection of all your online activity.

VeroCard is the personal hardware that enables the VeroGuard system. A personal ID security, privacy control and EFTPOS device, it is a credit card sized black box Bluetooth device which when used as a Digital Wallet has the capacity to store more than 100 cards securely within its tamper proof black box. VeroCard provides an easy and secure point of entry for all sensitive information with a PIN and has full EFTPOS device functionality.

VeroCard enables the user to access websites, applications, cloud storage or payment systems through a secure server, with real-time authentication back to the VeroCard that they hold in their hand.

VeroCard architecture is designed to meet highest level of industry standards, which enables multiple types of payment over the internet including near field communication with PIN. The VeroCard establishes an encrypted tunnel via an internet connected device through to the host system, and is built to PCI PTS 5.0 specifications.

  • 1

    User opens website to log on securely by clicking log on with Vero
  • 2

    The online log in sends details to the VeroCard
  • 3

    User is then prompted to enter their VeroCard PIN as required
  • 4

    The VeroCard black box then encrypts the log in credentials for 100% secure transfer
  • 5

    Message is sent from the VeroCard to VeroGuard server for decryption and authentication of credentials
  • 6

    Credentials authorised and access granted to cloud, server or email access