hid global securing the digital banking revolution paul ... · online, mobile, telephony,...
TRANSCRIPT
The Trusted Source for Secure Identity Solutions
An ASSA ABLOY Group brand
Securing The Digital Banking RevolutionMobile Banking SecurityPaul Anderson, Senior Security Consultant IAM
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
AGENDA
The mobile banking landscape
The impact of financial regulations
The need for frictionless security
Frictionless security solutions
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Global Mobile Payment Transaction Volumes
Global mobile payment transaction volume from 2015 to 2019 (in billion U.S. dollars)
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Mobile banking adoption is on the rise with emerging territories leading the trend
KPMG Mobile Banking Report 2015
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Mobile banking customers are not just Millennials and Generation Y
Average age of mobile banking users, by country
KPMG Mobile Banking Report 2015
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
United Kingdom
Source: Vocalink 2013 mobile payments research
Enablers and barriers for the adoption of mobile banking
KPMG Mobile Banking Report 2015
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Security can offer an innovative and disruptive offering for mobile banking
KPMG Mobile Banking Report 2015Source: KPMG Analysis
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Security requirements for mobile banking goes beyond authentication
Layer 5
Application Security
• Application hardening
• Mutual authentication
Layer 4
Transaction Signing
• OOB Transaction Verification
• Transaction monitoring
• Behavioral analysis
Layer 3
Browser Protection
• Secure browser
• Malware detection
• Mutual SSL
Layer 2
Device Authentication
• Endpoint Device Identification and Profiling
• Proxy detection
• Geo-location and velocity check
Layer 1
User Authentication (MFA)
• Something you know (passwords)
• Something you have (token or tokenless)
• Something you are (biometrics, behaviormetrics)
Malware
Detection
Device ID
Behavioral
Protection
Smartcards, OTPCards, Soft & Hard Tokens
Mobile
Signing
OTP
Verification
Secure Multi-Channel Banking
Push
Notification
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
PSD2 mandates strong authentication and involves at least two of three elements
Layer 5
Application Security
• Application hardening
• Mutual authentication
Layer 4
Transaction Signing
• OOB Transaction Verification
• Transaction monitoring
• Behavioral analysis
Layer 3
Browser Protection
• Secure browser
• Malware detection
• Mutual SSL
Layer 2
Device Authentication
• Endpoint Device Identification and Profiling
• Proxy detection
• Geo-location and velocity check
Layer 1
User Authentication (MFA)
• Knowledge (passwords)
• Possession (token or tokenless)
• Inherence (biometrics, behaviormetrics)
Malware
Detection
Device ID
Behavioral
Protection
Smartcards, OTPCards, Soft & Hard Tokens
Mobile
Signing
OTP
Verification
Secure Multi-Channel Banking
Push
Notification
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
PSD2 Timeline – Are You Ready?
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
PSD2 is shaking up security within the financial and payment markets
PSD2 heralds strong customer authentication (SCA). This is
a more secure authentication concept that goes beyond
traditional authentication and involves at least two of three
elements
– Knowledge (such as security questions)
– Possession (such as a mobile device)
– Inherence (such as biometric data).
An ASSA ABLOY Group brand
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
HID Global. The Security Complimentary Solution Provider for Temenos.
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
The Temenos - HID Global Partnership
Only authentication solution pre-
integrated with Temenos solutions
10 years of collaboration.
HID and Temenos partnership initiated
in 2006
Deployments in twenty-six countries
worldwide
Multi-channel authentication. Online, mobile, telephony, in-branch, ATM
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Temenos & HID Global Working Together
Asia PacificCambodia
Nepal
Sri Lanka
AmericasCanada
Costa Rica
El Salvador
Panama
USA
Venezuela
Middle East & AfricaAngola
Bahrain
Ethiopia
Ghana
Jordan
Kenya
Lebanon
Mauritius
Rwanda
Saudi Arabia
Tunisia
Zimbabwe
EuropeCyprus
Luxembourg
Netherlands
Russia
UK
Our global networks enable us to be close to our clients, understand their requirements and deliver integrated solutions quickly and accurately
41 banks
26 countries
An ASSA ABLOY Group brand
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
Authentication ServicesFrictionless Security Needs
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
ThreatDetection
UniversalBiometric
Solutions
SecureOut Of Band
Notifications
SecureTransaction
Authentication and Authorization
Frictionless Security NeedsSecurity beyond passwords
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Frictionless Security Needs Multi-channel and multi-tenancy support
Private Banking Customers
Corporate Banking Customers
Trade Finance / Treasury Customers
Retail Banking Customers
Call Center
IVR Internet Mobile
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Frictionless Security NeedsLayered, risk based authentication.
1. Static
credentials
2. DeviceID
3. One Time
Password
4. PKI Certificate
Authentication
5. OOB
Transaction
verification
6. Transactionsigning
Low Risk TransactionsView customer data View account data
Medium Risk Transactions
Payments to predefinedpayees
View statements
High Risk Transactions
Set up new payees
High value payments
7. Fraud Detection
Service
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Frictionless Security NeedsNon-repudiated, tamper evident auditing
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Frictionless Security NeedsA broad range of authentication methods
An ASSA ABLOY Group brand
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
ActivID® Authentication ServicesFrictionless Security Solutions
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Push
Soft Tokens
ThreatDetectionService
Frictionless Security SolutionsActivID® Threat Detection Services (TDS)
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Device Analytics
Identity AnalyticsIdentities
& Personas
Associations &Related Events
Activities
Patterns & Anomalies
Velocities &Frequency
Analyst & TrustFeedback
Customer Defined Policies
Global Trust
Intelligence
Network
Behavior Analytics
Over 3,000 customers
Over 1bn trans / month
Frictionless Security SolutionsActivID® Threat Detection Services (TDS)
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Frictionless Push Notifications
User enters static
credential (optional)
Decline
AcceptAccept
Logon Successful
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Frictionless Security SolutionsActivID® Trusted Transactions
£100 money transfer
Catriona
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Passive
Biometrics
Transparent, Continuous User Verification for Mobile & Web”Press” ”Flight” ”Sequence”
KeyPress
KeyFlight
KeySequence
TouchPressure
TouchQuotient
TouchAngle
TouchSwipe
Frictionless Security SolutionsBehaviormetrics
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
ActivID® Authentication Services Summary
HID Global’s ActivID Authentication Services is the only authentication solution pre-integrated with Temenos solutions.
HID Global’s ActivID® Authentication Services enables banks worldwide to secure access to critical infrastructure, prevent breaches and achieve compliance, mandates, policies and guidelines.
Banks can reduce costs by deploying a single platform capable of handling a versatile range of multi-factor authentication methods, enabling users to connect securely from any location, at any time, via their preferred device.
The solution provides the security banks need to stay ahead of an ever-changing threat landscape, without disrupting user workflow and productivity.
Compliance
CostEfficiency
Usability
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Navigating The Digital Banking Revolution Closing Summary
Mobile Poised for Substantial Growth
Customers Need Reassuring Mobile is Safe
Competitive Market
Malware Attack on Rise
Legacy Password and SMS OTP Not Good Enough
Need Adaptive Multi-Layered Authentication
Leading Provider of Banking Security Solutions
Pre-integrated with Temenos’s solutions
One Provider For All Your Needs
Maximise Security and User Experience
Future Proofed
Keep Your Customers Safe
Comply
Increase Profitability
Grow Market Share Through Innovation
28
Embrace Mobile
Banking
Invest in HIDand
Temenos
ReplaceLegacy
Security
Grow Your Business
An ASSA ABLOY Group brand
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
hidglobal.com
Follow Us!#HID_EMEA
HID Global EMEA
www.hidglobal.com
The Trusted Source for Secure Identity Solutions
An ASSA ABLOY Group brand
Supplementary SlidesHID Global Channel Authentication Solutions
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Digital Channel Authentication
ActivID@ Tokens ActivID@ Out Of Band
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Digital Channel Authentication
ActivID@ Trusted Transactions ActivID@ Threat Detection Services
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Digital Channel Authentication
ActivID@ Behaviometrics Passive
Biometrics Lumidigm Biometrics from HID Global
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Call Centre Authentication
ActivID@ Call Centre Verification ActivID@ IVR Voice and DTMF Tones
Interaction
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
In Branch Authentication
ActivID@ In-Branch Verification Lumidigm Biometrics for ATMs from HID
Global
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
An ASSA ABLOY Group brand
Bank Employee Authentication
ActivID@ Authentication for Network,
Remote Access & Cloud
HID Converged Access for Buildings and
Networks
PROPRIETARY INFORMATION. Do not reproduce, distribute, or disclose. No unauthorized use.
hidglobal.com