In the vast and risk-laden transaction market, financial and e-commerce businesses urgently need secure transaction platforms to protect their brand image and ensure fast, stable transactions. HiTRUST, with years of experience in Taiwan, has developed expertise across four key areas: digital finance, information security, e-commerce payment flow, and artificial intelligence. Their 3DS Credit Card Security Verification System is the world’s first product certified by the EMV international organization, and their one-stop payment gateway service, HiTRUSTpay, holds the top market share in Taiwan.

"We adopted cloud-based payment solutions early on, which aligns with the expectations of banks because it is more stable, scalable, and reduces early investments," said Shu-hua Guo, Director of Smart Product R&D at HiTRUST. In the seven-layer network system architecture, HiTRUST excels in the application layer. The underlying infrastructure and network layers are now supported through their collaboration with Netron Information Technology, establishing a trusted cloud platform on AWS.

Shu-hua Guo stated, "From the initial planning, to construction, service operations, and backend monitoring, the key consideration for us when choosing a cloud service provider was whether they could provide the best support. Having an immediate team available for assistance is a huge help for us." HiTRUST had previously tried other platforms and service providers, but compared to them, Netron offered better support, especially with 24/7 maintenance services provided by professional engineers. Through communication on Line groups, they can discuss issues and share error screens instantly, helping HiTRUST resolve problems at the earliest time.

"On-premise experience cannot be directly applied to the cloud, and for this aspect, we still need to trust the professionals. Netron’s close relationship with AWS, with AWS also supporting discussions during the process, has provided us with immense help," said Guo Shuhua.

The basic detection method includes identifying logins from unfamiliar devices or suspicious locations. It also looks for unusual keyboard typing speeds or mouse movement acceleration, which could indicate a non-human trying to log in. Additionally, if the system detects that a user is simulating different devices and using different accounts for each login attempt, it may indicate a hacker trying to profit from stolen user information while avoiding detection through the use of simulators. Such activities are flagged as anomalies.

Large e-commerce platforms in Taiwan have already adopted Veri-id. Shu-hua Guo explained, "As a large e-commerce company, we have already invested significant resources in cybersecurity but are constantly striving for improvement. We were already considering relevant technologies and even thinking of developing them ourselves. Fortunately, HiTRUST had already developed a comprehensive service, which allowed us to apply it more flexibly and quickly, leading to a perfect match between the two sides."

Veri-FIDO is not limited to just apps, as earlier FIDO technology was, but also supports smooth use on websites, enabling consumers to easily enhance transaction security.

The HiTRUST Veri-FIDO service has also gained the favor of the major travel platform colatour. This year, colatour has continued to invest heavily in building "Digital colatour", becoming the first travel industry player to adopt FIDO biometric authentication. Furthermore, to actively encourage travelers to complete setup and improve security, colatour launched a lucky draw event before the end of September. Those who complete the quick login binding have a chance to win a 5,000 TWD discount code, providing members with a fast and secure digital travel tool. Additionally, the colatour FIDO2 Security Verification Plan was selected as this year's Digital Trust Field Service Validation Project by the Ministry of Digital Affairs, working together to combat fraud and create a safer and more convenient digital life.

Li Shang-xiu further added, "E-commerce platforms hold a large amount of transaction data, making them prime targets for hackers, especially when open-source code is used during website development, which increases the risk of backdoors being planted by hackers. Netron Information Technology not only helps clients ensure cybersecurity compliance with certifications such as ISO27001 and PCI DSS from the website development stage, but also assists with automated scanning and alerts through AI automation tools. Especially with the trend of hybrid cloud and multi-cloud environments, engineers have to manage complex systems, increasing the risk of errors. Automated processes and tools are essential for effective management."

Additionally, Li Shang-xiu emphasized that with the current website architecture largely based on APIs, WAF (Web Application Firewall) systems are finding it more difficult to distinguish between human and bot transactions. Furthermore, during website revisions, some APIs might no longer be used but remain active, creating security vulnerabilities. These can all be scanned and tracked using automated tools. For already deployed websites, automated scans can conduct "health checks" to identify security gaps for reinforcement.

With the increasing trend of cloud adoption in the financial sector, HiTRUST and Netron Information Technology also plan to deepen their collaboration. Shu-hua Guo pointed out, "Having cloud experience and related support now becomes one of the advantages when serving financial clients. Moreover, when financial institutions adopt the cloud, they no longer need to purchase a large amount of hardware equipment when adopting new software services, making them more willing to implement them." In a cloud environment, financial institutions rely heavily on Netron's expertise, from overall architecture planning to permissions management. "We greatly depend on Netron's expertise to assist the financial sector in perfecting their cloud mechanisms. They build the cloud ladder from the ground to the cloud, while our application services only need to take the elevator up."