Identity Management for Banks

Feb. 13, 2018
How security integrators can bring game-changing technologies to financial institutions

There has been unprecedented change in today’s banking ecosystem: end-users are asking for more digital services, especially those they can access using their mobile devices; fraud is increasing and becoming more complex across online, mobile, call center, ATM and other channels; regulations are tightening worldwide; and new financial technology competitors, or fintechs, are entering the market, leveraging the banks’ infrastructure to offer innovative services to their customers.

After having navigated in relatively quiet waters for the last 20 years, banks now must reinvent themselves and be equally innovative in how they solve multiple challenges. This, of course, represents a profound opportunity for security integrators, who can help banks to address these challenges – showing them how to use trusted identities to pursue new opportunities, become more competitive and build more sustainable business strategies for the future.

Banks will also need integrators’ help to become more creative in how they deliver current services and propose new ones – and to ensure these services are secure so that their customers will trust and adopt them. Most importantly, banks must become more customer-driven, and this is where integrators can be particularly helpful, drawing on their experience working with many types of institutions and organizations to deliver a seamless user experience.

Banks are under pressure to serve more demanding customers in an increasingly competitive environment while dealing with growing fraud threats and complying with an expanding range of regulatory requirements. Integrators can help them navigate these challenges as they work together to build trusted solutions that simplify transactions and empower consumers and organizations who provide B2B customer authentication services to better protect financial information, reduce fraud and increase peace of mind.

Today’s Banks Need Biometrics

As the world becomes more and more connected, today’s increasingly mobile bank customers need better ways to authenticate and identify themselves. These customers are already able to start their cars, order a new bottle of milk from the fridge and watch over their baby using their smartphone.

These and other new usage models are driving demand for secure and trusted connected services, and banks need to meet this demand. They need to think mobile and include all the associated geolocation, mobile biometry, “always on” and other functionality.

Many banks are already heading in this direction, using today’s digital identity transformation to help drive consistency across multiple service channels – thus improving the user experience. Banks are also facing pressure to secure their new services and solutions so customers trust them.

Banks face the challenge of substantially improving the customer experience without sacrificing trust and security, and an important way to accomplish this is by using biometrics. By better associating a user’s true identity with his or her digital identities, this approach delivers the convenience necessary for driving customer loyalty and acquisition while also supporting multiple strong authentication methods to reduce fraud across channels.

Today’s biometrics solutions can be compared to the security improvement brought by EMV for the PIN – EMV enhances the security of the card; biometrics now enhances the security of the PIN and creates a much more convenient, quick and efficient experience for the bank customer than typing in passwords.

Other mix-and-match authentication options include card and biometric, phone and biometric, and “deviceless” solutions that combine an account number and biometric.

Biometrics also can be used for bank employee authentication to enhance productivity and security. Applications include logical access for networks, shared workstations, call centers and remote applications. Additionally, biometrics can be used for transaction verification in applications including working with customer records and processing approvals. Finally, biometric authentication is ideal for controlling physical access to ATMs, branches and safe boxes.

Trust can be further reinforced through collaboration between banks and the government on identity proofing models in which citizens receive a digital certificate that allows them to sign, timestamp and seal a document to authenticate and/or identify themselves. This is what is now occurring in European countries with the advent of the European Commission’s eIDAS Regulation. It enables the use of electronic identification means and trust services (i.e., electronic signatures, electronic seals, time stamping, registered electronic delivery and website authentication) by citizens, businesses and public administrations, for accessing online services or managing electronic transactions across the European member states.

Mobile: Another Key Component

Increasingly, the customer must be in the middle of everything the bank is doing. This is the strength of the fintechs, and this is how banks will acquire and retain end-users.

One example of new customer-centric innovation is next-generation multi-factor authentication solutions on mobile devices. The latest solutions turn smartphones into handheld validation devices or “authenticators” for verifying online access and transaction requests, such as digital banking transactions or corporate VPN access. A mobile app is combined with public key-based cryptography and push technology to create a new experience for bank customers.

These solutions provide added security that is far more intuitive and user-friendly than traditional methods of authentication. Ultimately, these authentication solutions can be more broadly used to help increase cybersecurity for healthcare providers and digital business and enterprises, while improving customer and employee satisfaction.

Authentication solutions like these must support all necessary APIs, including OAuth, OpenID Connect, SCIM and SAML, in order for banks to easily adopt this new opportunity and to embrace the Open API trend. They should embed mobile application security tools like jailbreak detection, anti-cloning, Runtime Application Self-Protection, etc., since providing an authentication tool on a device that is not protected would be of no use. They should also be supported by turnkey applications that are easily customizable so that the bank can present its brand without having to build and maintain a custom app.

A Software Development Kit (SDK) should also be available to help integrate the capabilities into existing bank apps. The entire solution should provide flexible policy customization, robust security and data analytics, and create an audit trail for financial institutions that enables them to comply with regulations such as PSD2, GDPR and others.

This type of mobile platform for trusted transactions, combined with new regulations now coming into play, creates an opportunity for banks to become the central point of identification and authentication for a digitally connected world that, until now, has suffered from the complexity of so many different online identities and passwords. Every end-user could potentially have his or her online trusted identity generated and held by banks, and would be able to identify and authenticate for many types of transactions – from government and utility services to commercial offerings.

These solutions will give bank customers the confidence that they have more control over who is accessing their confidential and proprietary information, and that they are protected even when they behave unsafely.

Olivier Thirion de Briel is HID Global’s Global Solution Marketing Director for Financial Institutions and IAM Solutions. Request more info about the company at www.securityinfowatch.com/10213866.