New solutions for online fraud and digital security! Netron Information Technology partners with HiTRUST to create a financial payment cloud platform.

Netron Information Technology Corp., which began with cybersecurity and expanded into multi-cloud services, is an official AWS Advanced Consulting Partner, offering a complete one-stop professional consulting service from planning and deployment to operations. They also provide certification in cybersecurity and related training in social engineering. Guo Shuhua, Director of Intelligent Product R&D at HiTRUST, explained, "From the early stages of planning and construction, to service operation and backend monitoring, it is crucial to ensure we have the best support. Having an on-demand team available to assist us is a great help." HiTRUST had tried other platforms and service providers in the past, but found Netron's support to be superior, especially with the 7x24 operation service provided by professional engineers. Through Line group communication, issues could be discussed and error messages shared immediately, allowing Netron to assist HiTRUST in resolving problems in real-time.

"On-the-ground experience can't be applied to the cloud, and in this regard, professional trust is still essential. Netron has a close relationship with AWS, and AWS also provided support during the process, which was extremely helpful to us," Guo Shuhua said.

HiTRUST provides secure payment services, and their cloud platform has been certified with PCI DSS security standards. Netron Information Technology has assisted HiTRUST in building five environments on AWS cloud using a dual-AZ architecture. The architecture utilizes AWS services such as Firewall, ELB, EKS, RDS, EC2, and S3 to ensure robust security protection and smooth data flow.

Netron's CEO, Li Shangxiu, explained that beyond security, cloud architecture planning must also account for scalability and flexibility. For financial services, compliance with security standards is crucial. Additionally, credit card transactions require high-speed processing and stability. Therefore, aspects such as firewall settings, load balancing, storage, configuration, preset adjustments, and encryption must all be meticulously planned and validated before implementation. Netron is also leveraging AI technology to develop numerous automation tools, which will enable proactive monitoring and real-time alerts in the future.

Li Shangxiu further emphasized that in hybrid or multi-cloud environments, it is essential to focus on the independence and dependencies between different environments. If one end is compromised, the other end should remain secure and provide backup. "When an issue arises on the local end, the cloud can take over. This is a critical detail we focus on during the initial planning phase for our clients."

HiTRUST's Veri-id Risk Detection System, which stood out in the Digital Sandbox competition and was crowned the double champion of the 2023 Digital Sandbox Competition, is built on a cloud platform set up with the assistance of Netron Information Technology. Currently, many e-commerce platforms allow users to log in with just a username and password, leaving significant vulnerabilities for hackers to exploit. Veri-id, however, uses patented technology to compare the account with the device and over a hundred data points within the device environment. Through AI analysis, it determines whether the login attempt is legitimate. If any anomalies are detected, it can block or request further identity verification, significantly enhancing transaction security.

The basic indicators of anomalies include the account being used on an unusual device or logging in from suspicious locations. Other signs of fraudulent activity include abnormally fast keystrokes, irregular mouse movements, or evidence that the user is simulating multiple devices, changing accounts with every login, which could indicate the hacker has stolen large amounts of user data and is attempting to profit from it using simulation tools to avoid detection.

Currently, Taiwan's large e-commerce platforms have already implemented Veri-id. Guo Shuhua explains, "As a major e-commerce platform, we have already invested considerable resources in cybersecurity, but we are always striving for improvement. We were originally considering similar technologies, even contemplating developing it in-house. Fortunately, HiTRUST had already developed a comprehensive service that is more flexible and can be applied faster, making it a perfect match for us."

Recently, HiTRUST has launched the new Veri-FIDO Passwordless Identity Verification Service, combining the functionality of Veri-id with FIDO2 technology. Utilizing a public-private key architecture, it directly eliminates passwords in favor of biometric authentication methods such as fingerprints and facial recognition. With the removal of passwords, the risks of passwords being intercepted, phished, or stolen are avoided, effectively preventing the social engineering attacks that have caused massive financial losses in recent years. Furthermore, Veri-FIDO is not limited to mobile apps, as it can seamlessly operate on websites as well, providing consumers with a simpler and more secure way to enhance transaction safety.

HiTRUST's Veri-FIDO service has also been embraced by the large travel platform Colatour. This year, Colatour has continued to heavily invest in building its "Digital Colatour" platform and has become the first in the travel industry to adopt FIDO Biometric Authentication. To actively encourage travelers to complete their setup and enhance security, Colatour launched a special promotion in late September, where users who complete the fast login setup have a chance to win a 5,000 TWD discount code, offering members a quick and secure digital tool for their travel needs. Colatour's FIDO2 Security Verification Project was also selected as a verification field for the Ministry of Digital Affairs' "Digital Trust Field Service Pilot Program," working together to combat fraud and build a safer and more convenient digital lifestyle.

"Cybersecurity in e-commerce is broad and cannot be solved by a single software or hardware solution. HiTRUST and Netron Information Technology Corp. complement each other well at both the application and infrastructure levels," said Guo Shuhua.

Li Shangxiu further elaborated that e-commerce platforms handle large volumes of transaction data, making them prime targets for hackers. If open-source code is used during the website development process, there is an even higher risk of hackers implanting backdoors. Netron Information Technology Corp. assists clients with comprehensive cybersecurity, ensuring compliance with ISO27001, PCI DSS, and other certifications starting from the website development phase. They also offer AI-powered automation tools to assist clients with automated scanning and alerting. "Especially with the trend towards local and multi-cloud environments, the complexity of managing these environments increases, raising the risk of oversights. This is why automated processes and tools are essential for effective control."

Additionally, Li Shangxiu reminded that today's website architecture is predominantly based on APIs, making it harder for WAFs (Web Application Firewalls) to distinguish between real and bot traffic. Furthermore, as websites undergo revisions, some APIs may no longer be in use but are not removed, creating potential security vulnerabilities. These can be scanned and inventoried using automated tools. Websites that have already been set up can also benefit from automated security checks to identify and strengthen cybersecurity gaps.

With the growing trend of financial services moving to the cloud, HiTRUST and Netron Information Technology Corp. plan to deepen their collaboration. Guo Shuhua pointed out, "Having cloud experience and supporting services is now one of the key advantages in serving financial clients. Furthermore, when financial services adopt cloud solutions, they no longer need to purchase large amounts of hardware when introducing new software services, making them more willing to adopt cloud technology." In the cloud environment, financial services rely heavily on Netron's expertise for architecture planning and permission management. "We greatly depend on Netron's professional support to perfect our cloud mechanisms. They build the cloud ladder from ground to cloud, and our application services just need to hop on the elevator."