INNOVATIVE IT- SECURITY FOR THE BANKING AND PAYMENT INDUSTRY Verisec is a Swedish IT-security company specialized in digital identity and information security solutions for the banking and payments industry. With cutting edge technology we provide solutions throughout your value chain; from encryption of your back end systems all the way to a secure and intuitive mobile banking experience your customers are facing. With operations in Europe, Latin America and the Middle East, we have the resources to serve international clients like BBVA, Swedbank and Verifone as well as local niche banks.
AN EXPERIENCED PARTNER FOR A TECHNOLOGICAL ADVANTAGE With more than 13 years of experience, Verisec offers identity, mobile and information security solutions to protect the IT infrastructure of banks, payment processors, stockbrokers and other organisations that handle high-value transactions: Digital Banking Strong authentication solutions. Online transaction signing solutions. Mobile Trust Platform to secure mobile banking applications such as mobile payment, identity and host card emulation. Secure Services Logistics for security devices. Information Security Encryption with Hardware Security Modules (HSM). Key management. Employee Identity & Access Remote access & application security. Secure access for partners & consultants. Cloud identity. Hosted security solutions.
DIGITAL BANKING Providing banking services on all digital platforms is a critical element of success. However, creating services with the very best user experience is not enough if the system is not protected with the very highest level of security. At Verisec, we believe that the mobile phone is the key in bringing this together and we have created the solutions to make it possible. Strong Authentication It s long been a given that online and mobile banking need defending against phishing, identity fraud, man-in-themiddle attacks, malware, session highjack and other forms of digital attack. The fundamental baseline of digital security is the ability to strongly verify a user s identity. This effectively defends against many of the techniques favored by fraudsters. Two-factor authentication and single use passwords are currently the de facto standard employed by most banks that offer online and mobile transactions as part of their services. Verisec has a well-proven solution based on the widely deployed Freja ID authentication server, as used by international banks such as BBVA. In fact, Verisec have supplied millions of one-time-password devices over more than a dozen years of trusted service to the banking industry. However, the trend in authentication is towards more convenience and less secondary hardware which naturally directs the market towards using the mobile phone as the trusted anchor for the banking relationship. Mobile trust is Verisec s strength. Our intuitive solutions are designed to facilitate the modern banking relationship customers want, and banks must offer to remain compelling in the ultra-consumer age. Transaction signing Although strong authentication is the mandatory baseline in online security, traditional one-time password systems faces challenges: users in the always on, available anywhere world are increasingly dissatisfied with these traditional security systems. Implementation flaws allow sophisticated attacks to exploit that user dissatisfaction - their need for speed and convenience. Sophisticated attacks aimed at substituting a rogue account number when setting up a new payee is an increasing threat to the rushed customer. The answer is to make the user experience more convenient, simpler, and most of all, clear as to what transactions are taking place.
BUILD APPLICATIONS WITH MOBILE TRUST AT THE CORE FREJA SDK MOBILE TRUST MOBILE PAYMENTS ONLINE MOBILE PAYMENTS HCE SINGLE SIGN-ON FINGERPRINT IDENTIFICATION ENCRYPTION KEY MANAGEMENT MOBILE BANKING The mobile phone as a device for login and signatures Mobile trust platform As part of the mobile revolution, mobile banking and ENCRYPTION KEY PROVISIONING APP SHIELDING Digital bank customers of today are rarely far from their payment solutions are growing rapidly, with a wide range mobile phone. Married to the right software, the mobile of services available and a large number of new competitors phone makes a great security device, balancing cost, emerging from the non-banking world. Banks need to react convenience and security. Verisec s Freja Mobile Solution offers several advantages compared with traditional login devices such as tokens and first-generation login apps. quickly to offer their customers mobile payment services to avoid being sidelined. SEE WHAT YOU SIGN MESSAGE ENCRYPTION IDENTITY FEDERATION TRANSACTION SIGNING The mobile phone is a computer that is always online, This is a challenge for banks in that speed to market and enabling completely new functionality, such as the ability good security are not always in alignment. Many mobile to display in plain text what transaction is taking place, or where the user is logging in from. This eliminates the risk of man-in-the-browser attacks, and also provides the user banking applications are insecure and already the first issues are reported in the press. The banks have an opportunity by partnering with a security specialist, HSM ENCRYPTION USER REGISTRATION with a far better experience of the banking service. banks can improve agility by building their applications on an existing hardened security platform. This approach means they can concentrate on their core area of expertise ON-DEVICE ENCRYPTION IDENTITY MANAGEMENT SSL CERTIFICATE VALIDATION MULTI-FACTOR AUTHENTICATION (OTP) designing and offering a service that fits the customer s need. The complex and time-consuming security subsystems 1 000 000 000 can all be taken care of by Verisec, utilizing the Freja Mobile Trust Platform. With the Freja Mobile Trust Platform you can build INTEGRITY OF MOBILE APP CONFIGURATION AND SETTINGS SECURE MESSAGIING (ENCRYPTION AND DATA INTEGRITY) users of mobile banking by 2017 applications with mobile trust at the core. By integrating our SDK in your systems you can focus on creating applications with unique user experience without worrying about security and compliance issues. We also have a close partnership with some of the world s leading developers of mobile bank applications and can form a joint development team if you want to take your banking SECURITY ELEMENTS MOBILE APPLICATIONS app to the next level or develop a new solution.
SECURE SERVICES INFORMATION SECURITY Hardware tokens Hardware security devices are still very popular for online banking, when correctly implemented they form a good defense against most common digital fraud techniques. Verisec s authentication server product Freja ID is based on open standards, which means that you can choose from a wide range of login devices. Physical security tokens have traditionally been the solution offered by banks to their customers, and Verisec offers a complete service for large-scale personalisation and distribution of these devices through Verisec Services. Services for tokens from other vendors The secure logistics service Verisec offers is in many ways unique and few of our competitors offer anything in this area, leaving their banking customers on their own to sort out the challenges around provisioning and distribution, Encryption devices Hardware security modules must be handled an distributed in a PCI compliant manner and this is one of the services Verisec can offer. Hardware encryption modules for payment is tamper evident but the process of distributing them also have high security standards in order for the unit to meet compliance regulations. As one of the leading resellers for Thales e-security we have many years of experience in this field. Hosted Security solutions More and more banks are considering solutions that mean outsourcing all of their IT security concerning digital identities. Verisec has developed exactly this type of solution, in close partnership with a Swedish bank. The service is an end-to-end commitment comprising both registration of new users and ongoing identity manage- Encryption - Hardware Security Modules Banks and payment processors handle the most valuable digital assets of all, which places higher security demands than in any other industry. As more and more digital services become available, effective and simple encryption and effective key management are fundamental for the secure management of information and transactions. Verisec offers end-to-end solutions in this area for most fields of application where encryption is required: Transaction processes. PKI solutions. Issuing of payment/smart cards. ATMs. Payment terminals. Key management Until now, most encryption keys are managed in manual processes making the systems extremely vulnerable to human errors. In addition as encryption is becoming more and more widespread, the number of encryption keys is growing to the extent that they cannot be managed manually. 49% increase of data breaches in 2014 not least the security issues. As a result of that we manage security devices for many banking customers that have other ID-solutions than Freja and we are of course happy to provide the same service to you, even if you are not using Freja. Even though we foresee a future where the mobile phone will be the most common login device, the hardware token will be around for many years ahead. So will the pain with managing the devices, unless you let us relieve it for you! ment. An outsourcing solution means several advantages for a bank: The bank can focus on its core business rather than support processes. They don t need to have experts or staff in this area. Greater flexibility when implementing new identification methods. 80% of payments worldwide are protected using Thales hardware encryption, and Verisec is one of the worldwide leaders in integration and systems development using Thales products. Our Freja products is also designed for supporting Thales HSM integration for customers that want to add an extra layer of security in the identity management systems. Verisec has its own product line for managing encryption keys: Chiave, for smooth and secure handling of all types of keys, from personalisation of payment terminals to encryption of smart cards. Verison uses Chiave for key management of payment terminals on a global basis. No need to invest in the necessary infrastructure. This results in clear cost advantages.
EMPLOYEE IDENTITY & ACCESS Remote access & application security The ever increasing trend towards employee mobility and cloud based applications present financial institutions with a much bigger version of an old challenge: how to ensure that only authorized people have access to data and systems. Passwords are simply not good enough to reasonably identify users accessing sensitive systems remotely. Phishing, social engineering, Advanced Persistent Threat attacks have shown this again and again. Strong authentication is a minimum baseline defense for remote users accessing bank systems. The same identity servers used for securing customer access Freja ID can also be used for securing remote access for employees. It enables a wide range of authentication methods and has a unique feature for minimizing administration around provisioning of tokens with a self-service portal. Cloud identity As more applications are bought from external service providers, Financial Service providers find that sensitive information and systems are protected by usernames and passwords that they do not control. This presents a risk, not only with the security flaws inherent with passwords, but also because the cloud applications have their own password policies and systems, often unsupervised by the internal IT team. Verisec offers both tools and complete solutions for identity management in the cloud. Freja Connect links the bank s internal authentication system with external cloud services, bringing control over logins and identities back within the organisation rather than leaving it with the cloud service or employee. For the user, this also means enjoying the advantages of single sign-on and not needing to worry about keeping track of numerous passwords for different services. Secure access for partners & consultants It s also been a given that consultants and partners will have secure access to the internal networks and cloud services used in their daily work. Verisec is an integrated supplier of all of the parts that make up an Identity & Access Management solution, all the way from the basic architecture with authentication services to secure handling and distribution of security tokens. Today we count the majority of Swedish banks among our customers, as well as international banks with operations on multiple continents. 7 out of10 reuse the same passwords
ABOUT VERISEC Verisec is a company on the cutting edge of digital security creating solutions that make systems secure and easily accessible. We provide a wide range of products and services within our two areas of business: Digital Identity and Information Security. The Freja and Chiave product suites are developed by Verisec and used by banks, governments and corporations worldwide. For encryption and HSM-solutions, Verisec integrates technology provided by Thales e-security, a leading global provider of data protection solutions. Verisec was founded in 2002 and is listed on Nasdaq First North in Stockholm. NORDICS Carl Persson carl.persson@verisec.com +46 (0) 733 458 914 UNITED KINGDOM & IRELAND Alan Davies alan.davies@verisec.com +44 (0) 7825 953 933 SPAIN & PORTUGAL Anders Bahrton anders.bahrton@verisec.com +34 (0) 605 216 772 LATIN AMERICA Carlos Flores carlos.flores@verisec.com +52 (1) 22 21 321 973 MIDDLE EAST Anders Henrikson anders.henrikson@verisec.com +46 (0) 733 458 903 sales@verisec.com l +46 8 723 09 00 l www.verisec.com