Technical Analysis

Technical Analysis

Targeted security

BankVault takes advantage of many security properties inherent to a remote virtual machine, to build a security solution which addresses every imaginable attack. We layer different security techniques on top of one another, each one eliminating a set of attacks or threats that could possibly work.

Just one layer would be difficult to break on its own, but cumulatively, they work together to create a completely safe, private and secure way to go online. BankVault is the most comprehensive and endpoint security available today.


BankVault has built technology to make the location of each BankVault session completely random.

Theoretically at least, it may be possible (although difficult) for a hacker to compromise an ordinary remote virtual machine, but with Bankvault, there’s no plausible way to target it because it’s entirely unpredictable and untraceable.


A BankVault session exists only for the time its required. Our solution ensures no session data is collected, no history saved, no backups taken, no information recoverable. Then, once you’re finished it’s erased.

There’s nothing to hack, track or attack.

* Some BankVault solutions do offer the ability for certain specific files to be downloaded, saved and accessed from one session to the next within the BankVault environment.

Anonymous and untraceable

A different, shared IP is assigned to each BankVault session you begin. You can’t be identified or tracked by your IP because it’s different every time.

Cookies, issued by websites to track you across the internet, are not retained during a BankVault session. Even super-cookies, which override no-track settings on people’s computers, and HTML5 storage, are useless.

There’s no way for a destination site to identify you, or track your online activity between sessions.

To comply with Data Retention Law, BankVault retain only a timestamp of your logon to our service. That is all.


Using a remote virtual machine enables your endpoint to be moved into a secure private cloud, far away from your own vulnerable computer and network. When you go online via BankVault, you are only ever seen as being in that far away cloud location. (And, of course, you can’t be recognised or identified because you’re also anonymous and untraceable).

Encrypted connections

BankVault uses TLS and SSH to encrypt and transmit all data securely.

No transmission of malware possible

BankVault virtual machines cannot pass any malware you encounter while using BankVault to your computer.

Some customers use BankVault environments to test emails and websites for malicious software and then simply close the session when they encounter something unwanted.

A pristine BankVault virtual machine

Each BankVault virtual machine is created as a copy of an untouched, clean, up-to-date, pristine desktop image. It’s brand new every time so you can be certain there are no viruses, malware or other undesirable software installed.

You can also be certain it’s fully up-to-date with the latest, most secure software versions.

It doesn’t need virus definitions updated. You don’t need to install patches.


We don’t publicise where our data centres are, although for Australians they are in Australia, for Americans they’re in the US, and so on.

Your session activity is completely secret because your BankVault is also temporary, remote (hidden), anonymous and untraceable.

The only way a website could identify you is if you log on to it.

Minimum attack surface

The BankVault remote desktop you access is minimalist. We provide a minimum software to keep the potential attack surface small.

Hardware validation

BankVault Key and SafeWindow users lock their accounts so that they will only work from their own computer.

BankVault automatically validates your computer’s hardware against your account before connecting you to your BankVault remote virtual machine.

This means you are effectively upgrade any existing two-factor logon processes to three-factor authentication.


Theoretical limitation disclosure

We are confident that BankVault addresses every attack possible vector—far in excess of any other endpoint solution.

Theoretically however, it is possible for a BIOS level threat to impact your system because BankVault still requires the BIOS to load. For this to be effective, malware targeting the BIOS on your computer would need to already exist on your system. It could not transfer from your BankVault session to your computer.