Frequently Asked Questions

What is the difference between the BankVault products?
Feature WebSafe SafeWindow BankVault-Key
Type Of Customer
Individual
Professional / SMB
SME / Trust
Cost
$ 5 - $ 20 /month
$ 20 /month
$ Quote
Access via
Browser
App/Browser
USB Device
Invisible Remote Keyboard
Via QR Code
Via Login ID
Not Needed
Enforced structure & procedures
Y
Supports file transfers from local device
Click-n-drag
Mapped Drive
Mapped Drive
Supports Printing
Y
Y
Y
Support Video (without sound)
Y
Y
Y
System Requirements
  • Microsoft Windows PC
Any browser
Y
Y
  • Apple Macintosh
Any browser
Y
Y
  • Mobile / Tablets (Apple/Android)
Y
Crypto-Trading (HD wallet)
Y
Documents (.doc, .xls, .ppt. .PDF, Images)
Y
Y
Y

FAQ

Most frequent questions and answers

This is an important question and to answer it properly we should respond from a number of different angles.

  • Firstly, lets spin the question around.  Most users are blindly trusting their PC. Our machines have accumulated user history, software from many different vendors where the typical user doesn’t even know are embedded in there.  For example who was responsible for the firmware in each of the hardware components, let alone the hardware drivers, applications, and live Internet connections.  Nobody can ever guarantee the integrity of all these components operating perfectly securely together.  Each week, on Patch Tuesday, Microsoft release a slew of new updates proving you were vulnerable the week before with their software. 
    By contrast, BankVault can take responsibility for 100% of the technology stack. We leverage open source software so we have transparency over the entire technology stack we deliver.  Our team monitor continually, and leverage the industry where other teams are providing and assuring the integrity of all software elements. We always deploy the latest LTS version of each software component so the industry itself is continually vetted every component.
  • Ultimately it isn’t just BankVault you’re trusting but the institution you buy it through such as your insurance company, your bank, your crypto-exchange.  They have their vetting process in place to guarantee the integrity with their systems.  
  • We have considerable social proof about the team’s reputation, and have the support of key industry figures.  You can see this in the Advisory Board.  As a team, we have committed our careers and future to build this.  It’s not about the money.  It’s about integrity and doing something important our families can be proud of. 
  • We are negotiating to have an insurance policy cover the risks.  Customers will pay a premium for this to the insurance company and you’ll be trusting the insurance company. 
  • But to answer this question head on – we are currently going through the process of an independent external audit and will publish the report when completed.

Use BankVault to open potentially hazardous email attachments, web hyperlinks and online folders with complete immunity.  

When you have received a link, email attachment, LinkedIn attachment, or find have received something that you simply must open to find out, do this within BankVault.  It will be clear very quickly if its legitimate or not, and when it’s not you can either delete it, or close down and start afresh.  Examples of malware which frequently deceive people today are emails with a voice mail link, a PDF or spreadsheet from a colleague via LinkedIn, an email with a button to download an invoice,  These may seem interesting but frequently contain very dangerous malware. 

Antivirus and anti-malware are great for containing virus software.  It fulfils an important role in keeping your computer safe. But it’s not comprehensive security.  In fact many large technology companies actually have ceased using it.  Netflix for example in 2016 stated that “anti-virus software simply no longer works and can’t stop the threat from new types of cyber-attacks”.   Symantec in 2016 said that over 1 million new viral variants are released every 24 hours, so it’s impossible for the anti-virus software you run to keep up to date.

Use BankVault when you need to be certain about your security.  

Nearly all antivirus software works by monitoring your computer and network for malicious files which it recognises based on the ‘signature’ of the file. This is an efficient way to work in the background of your computer without impacting its performance. Your antivirus software regularly updates its ‘list’ of signatures to watch out for by checking in with its vendor headquarters about the latest risks.

The problem for antivirus is that a complete list of all possible dangerous signatures that ever existed would need to be billions of signatures long, and needs to be kept up to date every single minute. That’s far too big and complex for most computers to handle without impacting your system’s performance. 

Vendors get around this by maintaining a ‘current’ list of a few million signatures on your computer, and sending out regular updates to your software for emerging, re-emerging or new threat types.  Advanced antivirus and security software also introduce other approaches such as monitoring your computer for unexpected or risky ‘behaviour’. 

Combined, and thanks to the diligence of antivirus companies, this works well, but it is still constantly playing catch-up with the latest and ever-changing smorgasbord of threats circulating in the wild.

Other malware types can be difficult for antivirus to detect. Many of the Ransomware attacks over recent years actually use the high-quality encryption built-in to your operating system against you. Your antivirus won’t try to prevent your own computer from encrypting its files, and the encryption is so good, there is no unlocking it without the key—time to pay!

BankVault does away with all of this catch up and indefinite approaches by removing your computer—the antivirus on it and any malware that got past it—from the situation.

BankVault doesn’t sit there to be targeted. It gives you access to a pristine computer, virus-free, just created, safely hidden, far away, and soon to vanish.

VPN’s do very little to protect users.  They can’t protect you from the majority of cyber-attacks used by endpoint hacking.  It might encrypt your link so nobody in the coffee shop can see what you’re doing, but you’re still download email packages into your machine and still opening up websites and executing the JavaScript code in your browser.

BankVault has 100x more functionality of a VPN.  Not only is everything encrypted but you have a pristine, new, fully functioning machine every login. 

VPN’s provide a level of security for a specific elements of computing but as a cyber security system achieves very little.

They are typically used for point-to-point tunnels through the Internet. By using a VPN someone lurking on a local router cannot interpret the data as it is routed through. It can be useful to your PC with a remote IP address for example in the USA if you want to download content restricted to USA IP numbers. That also makes your activity invisible to your local ISP and prevents them capturing meta data about your activities.

VPN’s however do not address endpoint security. That is the security on your local PC/smartphone. Depending on how you’ve configured it, your traffic may not be forced to use a VPN each time you browse the Internet or download email. If you’re paying a VPN provider you are trusting their controls are adequately configured however they often vary. Also there’s no absolute restriction on what your PC can access on the Internet so it’s actually largely wide-open and so remains vulnerable to attack. For example:

  • You may receive an email attachment with malware such as a keylogger. Anti-virus won’t pick it up because it was just crafted yesterday and only released to 100 endpoint devices before the author modified it and sent out a different variant to the rest of his target market. These never get picked up by anti-virus software. In fact Symantec said recently that there’s 1,000,000 new variants released every 24 hours. The processes of morphing and releasing are automated.
  • Drive-by-download is where you browse a website and malware is downloaded and executes in the browser when you display an image. This is a common vector for the latest man-in-the-browser hacking that target banking login credentials. They’re easy to set up and they’re becoming very common. For example Telstra’s website was infected with one last year which targeted banking credentials. Anyone would pick it up purely by going to Telstra’s website and your anti-virus software won’t stop it because it’s not a virus.
  • If you install a new software package then you’re trusting that supplier. But it goes further. There are all sorts of cracks and fissures between the different software packages and versions configured on your device. These are what the hackers exploit. VPN’s can’t address any of these issues.
  • Anti-virus software products Trend and Symantec last year were named as the back-door being used by hackers to install their malware. This was detailed in two separate announcements two separate broadcasts by Google Security team.
  • According to McAfee the average time a hacker has infiltrated a PC or network before they attack is 293 days. They are undetectable. Once they are into your PC they’re effectively sitting in your lap and ready to take over your keyboard whenever they choose. A VPN makes absolutely no difference.

BankVault addresses the cyber security issue by doing things completely differently. It’s conceptually simple to understand and is easy to use. It comprehensively addresses every attack vector by simply sidestepping everything for the duration of critical online transactions such as banking. It can be provided as a dedicated hardware device to it can recycle the users existing PC hardware and even bypass BIOS or wireless keyboard sniffing.

So in an era where bank account hacking is growing exponentially and bank’s need to investigate before negotiating reimbursements, any delay can be crippling for cashflow and BankVault offers simple pristine protection.

BankVault uses several technologies which combined make you invisible from any tracking software on the Internet or malware on your local device.

Your BankVault machine is hidden using a technology called IP Masquerading, whereby we can run tens of thousands of machines in parallel behind a single IP address.   It’s like a one-way-mirror whereby you can see out to the Internet and initiate external connections, but the Internet cannot see you.

We build a fresh machine in each login, ensuring no tracking software can be present from previous use. 

We host in a number of data centre locations worldwide allowing you can either select a continent of choice or be automatically taken to the closest one to you.  The tracking done on the Internet therefore see those IP addresses rather than your own physical IP address. 

The cost of a cyber attack to a business is estimated to be 9x the amount of money stolen.  This is made up of the cost of reputational damage, clean up, replacing systems, training staff and lost business as a direct consequence.

Strong cybersecurity help you differentiate yourself from competitors, building trust from your customers and driving business growth.

Today cyber hacking makes headlines every weak in the news media.  In a recent survey, 40% of small business owners said they were extremely concerned about the risk of a cyber-attack in their industry, and would take steps if they knew what they could do to reduce risk. They have no choice but to trust their IT contractor, or IT advisor, that everything is in order.   Yet, the new generation of Non-Malware cyber attacks are undetectable. 

Most people have heard of somebody who has been the victim of a cyber-attack.  No-one realises it though, until is too late.

If you’ve ever entered personal or sensitive company information on a website, or made financial or credit card transactions online, or used a website to update private or sensitive data … then you’ve probably also blindly trusted the machine you’re working from.

BankVault gives you a way of being certain you’re safe and secure doing these things online.  BankVault can save you from financial loss, downtime, brand damage and embarrassment.

BankVault is based on a simple, fundamental principal – using a completely new machine for each transaction.  It’s analogous to assuming your PC/smartphone is hacked, so going down the street and buying a new computer for each transaction.  Only it leverages cloud technology to sidestep your device entirely, only using it to stream images to.  Nothing therefore executes on your local device.

BankVault leverages the cumulative effect of a number of different technologies, including “the cloud” and peripheral technologies which sidestep every attack vector used by endpoint hackers.

The solution creates remote, virtual machines, built afresh each time, which are invisible from the Internet.   The virtual machine build which would normally takes tens of minutes, occurs within 1 second.  The machines use IP masquerading, a kind of firewall, making them invisible from the Internet but allowing a user on the inside to initiate an external connection across the Internet.  Only a stream of pixels display the desktop of the remote machine as an image on the device, so no cross-code is executed.   A remote invisible keyboard (a mobile app) connects with the virtual machine and is used for entering in passwords.  The remote invisible keyboard is an illusion, as no keyboard actually exists on the mobile at all, so there is never a character in the local operating system of the device.   At the end of a session, or when the connection to the local PC/smartphone is broken, the BankVault session evaporates without trace. No data is stored other than your login session time for accounting purposes.  Nothing you do inside the virtual machine is visible to anyone other than yourself.

 

Using BankVault:

  • You are immune to software threats that target your local physical computer
  • You effectively move to a separate remote computer thus sidestepping anything on your local device.
  • You are working from a temporary system
  • You can work from a different geographic location and a machine that cannot be identifiable as your computer.
  •  Working via a clean, perfect, pristine, up-to-date, secure and safe computer every time.

From a technical perspective your physical location is hidden. Your BankVault session, for the short time it appears, can appear to be from a different continent, wherever a BankVault secure data centre node exists.  Your session is allocated a shared IP, potentially with thousands of other users and may change each time you start a new session. This protects your location, your privacy, and your identity.

Add to this that your session is temporary. Everything you do with it will vanish, impossible to track, hack or attack.

The only information BankVault holds is your login ID, name and email address provided on signup.  Your credit card details are held by the payment gateway provider, not by BankVault.

Australian’s Data Retention Laws require BankVault to record a timestamp whenever a customer logs into the system.  This meta data is available may be requested by the government.

BankVault is extremely concerned about protecting our customer’s privacy and anonymity. Our products are designed so you have no online footprint unless you choose to make one.

Your BankVault session builds a pristine, new, updated, virtual environment on every login.  It’s a hardened machine but will still execute some code, such as JavaScript in the browser, so technical could still become vulnerable during use.  However you can logout and log back to create a completely fresh new machine and start again.

Opening potentially hazardous email attachments, websites and hyperlinks inside BankVault allows you to examine them with complete isolation from your local device.  The malware typically can’t run and even Non-Malware which can potentially execute, such as JavaScript in the browser, can be thwarted by simply closing the BankVault and starting afresh with a new login.

You can open an email attachment and look at the ransomware package in the face, before deleting it or just closing your BankVault.

Note:  We recommend starting a new BankVault every time you’re about to conduct online banking to ensure you have a fresh new browser.  

This immunity to malware is one of the main use cases why enterprises are adopting “remote isolation / browsing”.  BankVault brings enterprise grade remote isolation/browsing within reach of any small business or individual.

BankVault simply sidesteps your local PC/smartphone.  Transactions occur in a temporary remote virtual machine, and when complete this environment evaporates without trace.  Your transactions are secure, anonymous and untraceable from the hackers who have infiltrated your network. 

Hackers rarely target the banks systems directly.  Instead they target the customers endpoint devices, their PCs and smartphones.  These are almost impossible to harden and almost always vulnerable. (Mark Zuckerberg famously has a piece of tap covering the webcam on his own laptop, and we’re all using exactly the same technology).  

The browsers we use are designed to run JavaScript, code which is present on almost every website today.  JavaScript executes immediately in your machine and can do almost anything.  This is one example of a wide-open security flaw, in the systems we are trusting our finances with.

According to Symantec, a Man-in-the-Browser (MitB) cyber-attack, on average lasts 10 months before the attacker stings the victim.  By that stage they know everything about you.  MitB attack can easily manipulate you to reveal your 2 Factor Authentication.  Hackers frequently combine all bank accounts, sometimes double credit limits, and then transfer all the funds out to a mule account.  A mule is typically a hapless person who for a small payment and a story has volunteered the use of their empty bank account.  Funds are then transferred to one of the towns alone the Sino-Russian boarder.

BankVault simply sidesteps your local PC/smartphone.  Transactions occur in a temporary remote virtual machine, and when complete this environment evaporates without trace.  Your work online, such as logins and passwords are secure, anonymous and untraceable from the hackers who may have infiltrated your network. 

Personally identifiable information (PII) is any data that can potentially identify a specific individual.  When your personal computer is compromised, your specific details such as name, date of birth, mothers maiden name, and login credentials, are easily gleaned by hackers.  Once they have your login credentials to your bank, they’re only one step away from tricking you into revealing your security Fob, SMS text or Google Authenticate.  

BankVault provides a secure environment, within which it’s impossible for malware to trace what you’re doing.  

Log files are kept everywhere, and the goal is to not leave any breadcrumbs on any machine you use.  Once you start using BankVault, change your banking password and never access your bank account from a normal machine again.  BankVault evaporates without trace after you exist ensuring your details are secure, anonymous and untraceable from hackers.

They may reimburse you.  But the delay while banks investigate a cyber heist can cripple cash flow, destroying businesses and reputations.  

When its beyond simple credit card fraud, banks need to investigate cyber heists before negotiating compensation.  You may have to prove that you are not defrauding the bank and that you didn’t authorise the transaction.   The process can take weeks or months.

Trustees of trust accounts are personally liable within 24 hours.  The bank may take months.  Governments may revoke a business license after 48 hours.

If you are not happy with BankVault then please contact us within 7 days of creating your account, and we will cancel your account and refund your money.

Have More Questions?