Digital Identity Trends in Banking

Transcription

1 i-sprint Innovations Identity and Security Management Solution Provider Digital Identity Trends in Banking Banking Vietnam 2017 Proven Bank Grade Identity and Security Management Solution Designed, Architected and Built By Global Banking Professionals Copyright i-sprint Innovations All Rights Reserved

2 Next Generation Banking Future Banking Trends giving your customers what they want Fraud is the ugly disrupter of Digital Transformation & Trust Source: *Brett King, Bank 3.0 Copyright i-sprint Innovations All Rights Reserved Page 2

3 Hyper connected users want to do more, but they can t TRUST it. of successful breaches target the application layer of tested apps has at least one vulnerability of mobile malware specifically targets financial information on devices Source: Trustwave Global Security Report 2016 Copyright i-sprint Innovations All Rights Reserved Page 3

4 TRUST ME. I have done this before. Where is trust needed in the Digital World? 1.You need to trust that you know your user 2.You need to have trust to securely provision that known user with a strong credential that is easy to use for authentication. 3.You need to trust that the device(s) are secure 4.You need to trust that the application is secure 5.You need to trust the communication channel to/from your trusted identities, devices and applications 6.You need to trust the intent of the user whether it s a financial transaction or process assurance as information is exchanged 7.You need to trust the user s behavior on all his devices across all of your channels Trust takes years to build, seconds to break, and forever to repair. Copyright i-sprint Innovations All Rights Reserved Page 4

5 Which Authentication? Copyright i-sprint Innovations All Rights Reserved Page 5

6 Security Threats vs OTP Authentication Trends Security Level of Authentication Mechanisms Authentication using Static passwords (before yr 2005) Authenticatio n using Static passwords + Virtual Keyloggers Attack Keyboard (before yr 2005) Two Factor Authentication using Timebased OTP (btw ) Phishing Attacks Password Database Attacks Two Factor Authentication using Hardware OTP (btw ) Man-in-the- Middle Attack (MitM) 2FA using SMS OTP (btw ) Man-in-the- Middle Attack (MitM) Transaction Authorisation using Hardware OTP (btw ) Transaction Authorisation using SMS OTP (btw ) Man-in-the- Mobile Object (MitMO) Transaction Signature using Hardware OTP (beyond 2010) Sophistication Level of Attacks Courtesy : Vasco Gim Leng Koh Copyright i-sprint Innovations All Rights Reserved Page 6

7 Current State for FSI 2FA in ASEAN Singapore and Hong Kong regulators recommended Digital Signature for e- transactions be adopted by all Banks since For corporate as well as retail banking also. Transaction signing is also popularly adopted in Indonesia For most countries, simple OTP is de-facto in retail banking and Transaction signing for corporate banking Emerging adoption of new form-factors credit card size token. Transaction signing Transaction signing is the hygiene factor for any new deployment Copyright i-sprint Innovations All Rights Reserved Page 7

8 Improving the Experience Emphasis on Improving the Form Factor and making it easier. Mobile Tokens 2 nd Generation with Secure Seed Provisioning QRCode for Transaction info download Push Notification Enabled Initiate from Tablet/PC and Approve the transaction from Phone Consider to combine with Bluetooth Tokens to address the security Hardware Tokens Optical Tokens Camera Equipped Tokens Vasco Cronto Copyright i-sprint Innovations All Rights Reserved Page 8

9 Combining Mobile with Biometrics and other factors Enable Multi-Modal Authentication using Mobile Applications using the common built-in features in mobile devices - Face, Voice, Contextual e.g. Time, Locations, access points, etc Where you are (geo-location) What you know (pin or passcode) What you have (phone) Who you are (face, voice, fingerprint) When you are (date, day, time-of-day) Copyright i-sprint Innovations All Rights Reserved Page 9

10 Copyright i-sprint Innovations All Rights Reserved Page 10

11 Strong Authentication with Seamless Experience Omni Channel Authentication Internet & Mobile Banking Transaction Signing Strong Authentication with Seamless User Experience 2FA Cardless ATM Document Signing Know Your Customer (KYC) e-pin Mailer Copyright i-sprint Innovations All Rights Reserved Page 11

12 KYC Account Opening/Card Application Remote KYC How to assure your presence? How to verify your identity? How to verify your signature? Photo of ID Liveness detection Pic preprocessing Facial Recognition Digital Signature OCR Info to capture the face pic Take a live pic Quality adjustment and watermark removal Cross- Verification among available pics Additional Check for Signature Copyright i-sprint Innovations All Rights Reserved Page 12

13 I already logged in with 2FA Organizations are seeing Single Sign on as a competitive differentiator Allows cross-sell of products & Services Common login across Multiple applications Banks - Consumer e-banking, Securities and Unit Trust Trading Across Countries Single login for Corporate e-banking products across countries Across Partners Fintech Alliances Airline, Car Rental, Hotel, Attraction Ticketing, etc Make Digital Channels Usage Sticky and earn more $$ Copyright i-sprint Innovations All Rights Reserved Page 13

14 THE BENEFIT OF CUSTOMER TRUST Banks benefit from delivering trust- get a Win Recommend to others 83% Use products & service more frequently 82% 78% Will look to it first for the their needs Give new products & services a try 78% 50% Will pay a premium for products & services Source: Research Now Trust Study Copyright i-sprint Innovations All Rights Reserved Page 14

15 TRUST IN THE DIGITAL WORLD The success of a digital transformation hinges on delivering trust VASCO Digital Trust Platform Trusted Identity Trusted User Trusted Device Trusted App Trusted Channel Trusted Data & Docs Trusted Signatures Trusted Behavior Who you are What you use What you do How you do it IDENTIKEY Risk Manager f o r A P P S Identity Proofing Multi-Factor Authentication Mobile Application Security Transaction Management Risk Management Copyright i-sprint Innovations All Rights Reserved Page 15

16 RASP Runtime Application Self Protection Prevent RASP MY Bank Detect Kill Notify Anti-screen shots Debugger prevention Anti-repackaging Anti-code injection Anti-key logging Emulator protection Anti-screen reader Anti-screen mirroring Choose a Mobile Token with a RASP component Copyright i-sprint Innovations All Rights Reserved Page 16

17 (VERSATILE AUTHENTICATION) Authentication Method and Vendor Agnostic Back-end = No Lock-In Supports Pin, OTP (SMS, Hardware, Mobile), Biometrics (Face, Finger, PalmVein) Covers entire Token Life Cycle Management - Issuance, Delivery, Enablement, Authentication, Authorization, Lost Tokens, Out of Sync, Replacements, Inventory HSM Integration to provide strong key management and credential verification AccessMatrix Engine Supports Authentication Realm (Multi-Step Authentication Flow) Pluggable Authentication Module ID Password Knowledge Based One Time Password Out of Band PKI Digital Cert Biometrics Third Party STANDARDS Active Directory LDAP RADIUS Kerberos NTLM E2EEA Web token Questions & Answers Pictures Matrix Card EMV-CAP INTEGRATION Access Manager Copyright i-sprint Innovations All Rights Reserved Page 17

18 The Unified Single Sign-On Platform for Enterprise, Cloud and Mobile Applications Copyright i-sprint Innovations All Rights Reserved Page 18

19 Takeaway Authentication is getting complex while form factor is improving FSI - Transaction Signing is the dominant trend. Consider Mobile Authentication with RASP and Biometrics Invest in a vendor agnostic authentication backend to be flexible. With the investments in security, What else can you sell online Offer innovative products Leverage the same authentication across products One Login to access multiple products online across geographies is coming. Invest in a common authentication and sso platform. Use Security to enable Innovation! Copyright i-sprint Innovations All Rights Reserved Page 19

20 World Class Identity & Security Management Solution Provider Our Technologies Recognitions Some of Our Clients Enterprise Identity & Security Management Software & Services Identity Protection Cloud Protection Data Protection Mobile Security & Product Identity Solutions Mobile App Security, Strong Authentication Product Identity & Counterfeit Detection NetworkWorld Asia Readers Choice Product Excellence Awards Copyright i-sprint Innovations All Rights Reserved Page 20

21 Priyesh Panchmatia i-sprint Innovations Director, Solution Consulting /isprintinnov /isprintinnov /company/i-sprint-innovations Copyright i-sprint Innovations All Rights Reserved Page 21