Key logging is one of the most disturbing ways currently being used to illegally obtain customer's sign-in details for e-commerce enabled sites, ultimately leading to financial loss either to the customer or the vendor.

A product released earlier this year that was developed in Korea, where online crime is among the highest in the world, offers online providers, and bankers in particular, the closest to "full-proof" protection yet. As simple in its design as the very problem it is there to solve, K-Defense, goes to the lowest level of a computer's basic architecture to intercept and effectively mask keystrokes from anyone other than their intended recipient.

When you consider how simple the concept is, its surprising so little attention has been given to the development of preventative measures, or indeed adoption of the few products that are available by the vendors themselves. Currently most forms of protection rely on firewalls and anti-virus software to intercept and delete malicious programs that can be used to record and then forward keystrokes to an unknown assailant. However, the degree of protection is only as good as the last update and even then, that assumes the customer has actually bothered to install some form of Internet security on their PC in the first place. And this is where K-Defense really stands out as it can be made a mandatory and integral part of the vendor's own online channel, and best of all at a realistic cost.

The small piece of code is downloaded to the customer's PC each time they arrive at the vendor's online channel. This is obviously far more attractive than relying on the customer to install, and maintain, software or hardware based security products. In this way, a customer is unable to login or use the vendor's Internet channels unless K-Defense is physically present in the customers PC. When this is coupled with digital certificates used by the vendor, the effective protection against key logging, using a conventional keyboard, is near enough 100%.

Key logging works on the premise that the fundamental design of computers relies on keystrokes passing a standard route from the keyboard through a hardware interface and on to the operating system, and then, the application. As a result, most keystroke protection systems rely on encryption that is carried out in the operating system of the PC, using 128 bit based algorithms embedded in the software. Unfortunately encrypting at this level is normally too late, as most malicious programs run below the operating system and therefore well ahead of the protection.

K-Defense, on the other hand operates at an even lower level, creating a barrier between the operating system and the physical hardware components. It does this by creating a random routing path that takes the input directly to the application program level, making the need for encryption unnecessary and making it near impossible for the malicious code to track. Once at the application the vendors existing security takes over, transmitting the data over its secure lines directly to its server.

This simple but effective solution is further enhanced by the nature of it being page based as opposed to field based. Meaning that the protection offered can be activated by the vendor on any page, instead of, activated at each and every input field. Some other similar systems necessitate the rewriting of applications to embed coding at each point of data input, which can become a costly and time intensive project. Finally, when the customer leaves the vendors online channel, or closes their browser, the K-Defense system quietly deactivates until the customer next visits the vendor.

Taking almost 2 years and involving a number of their 2,700 strong development team, the IT division of Hyundai developed K-Defense. It was first put to use late last year at the country's Ministry of Information and Communications, with a number of financial institutions in Korea looking to deploy the system in the coming months. Earlier this year three Australian banks, including Commonwealth Bank and Westpac, began field trials of the system with reportedly promising results.

Although K-Defense addresses the conventional keyboard, which is physically connected to the PC, it does not yet offer protection for wireless devices. While the popularity of wireless keyboards is still not that high, some tests carried out in the US have found that with the correct conditions it is possible to "eavesdrop" on transmissions and effectively play them back in real-time on another PC.

However, as more incidents of online theft from banks are pushing many country's financial regulators to impose greater responsibility for customer security back on to the bank's themselves, cost effective solutions such as K-Defense are likely to become considerably more widely adopted, rather than wait for the next development.