Authentication solution for e-commerce and e-banking
Banks' growth and profitability are linked to eBanking. Customers prefer online banking because it is more flexible than high street branch or phone banking, and it offers banks the opportunity for growth and cost savings. However, eBanking depends on secure authentication and user trust.
X InfoTech is a one-stop shop for complete eBanking security solutions, including hardware, software, consulting and design, training, maintenance and support as well as device customization and fulfillment.
Future-proof
Don’t start with a dead end. When it comes to remote banking authentication, you need a system that can grow with you. X InfoTech lets you deploy a low-cost, simple system today and still provide an upgrade path for the future.
The solution supports a wide variety of Two-Factor Authentication techniques, including:
- One Time Password (OTP)
- Double Authentication
- Challenge-response
- Sign-What-You-See
- Secure Domain Separation
- Dynamic Signatures
- Electronic Signatures
The solution is completely flexible, allowing you to mix and match users with different devices and authentication schemes. This approach simplifies your backend IT while maximizing flexibility.
For example, the system lets you get started with a printed card, a scratch-off card or a simple One Time Password (OTP) token and, as risks and markets change, seamlessly upgrade to more advanced devices. You can even offer other service providers a multi-issuer authentication service using your authentication system.
The result is a system that lets banks balance the demands of cost, usability and security over time. It is low-risk, scalable, secure, flexible and, above all, future-proof.

Two-Factor Authentication
The number of Internet frauds has increased rapidly over the last few years. This is a threat to all institutions that provide online banking, shopping, gaming etc. Successful fraud does not only have immediate financial implications; it can also damage an institution's image and lead customers to cancel their service and leave for a more secure one.
The X InfoTech solution, with its Two-Factor Authentication, offers protection from all existing kinds of fraud attacks. The recognized factors for Two-Factor Authentication are:
- Something you know, such as a password or a PIN
- Something you have, such as a smart card, security token or mobile phone
One time password
The authentication solution includes generation of an OTP – One Time Password. The OTP can be generated on a smart card (presented by a secure device), token, mobile phone or sent by text message.
The OTP is entered by the end user and verified by the authentication system. OTP prevents the following attacks: key logging, screen logging and shoulder surfing. By the time the attacker sees the OTP being entered, it is already too late, since the OTP is already used and not valid anymore. If the OTP is logged or recorded in any way, it is of no value to the attacker since it is only valid once and only at the time it is used. OTP combined with a password and/or a PIN is one way of achieving Two-Factor Authentication.
Benefits of the token-based approach
- Cost effective device
- Provides strong two-factor authentication together with online password
- Low logistic costs
- Portability: Token is small and portable - convenient to carry with you at all times
- A single button-press generates a new One Time Password
- User-friendly functionality
- Quick roll-out
- Smooth personalization: You can personalize a whole batch in factory or a single device at the bank office
Compliance to standards
- ISO 13491-1 (Banking Secure cryptographic devices)
- ISO 8732 (Key generation)
- ANSI X9.32 (Data Encryption Standard)
- ISO 11568 (Key management)
- ISO 9797 (Message Authentication Codes)
Benefits of the reader-based approach
- No need for personalisation of the reader, as the secrets are kept in the smart card
- Identical terminals are used, which do not require any security handling and are therefore easy to distribute
- Portability: Reader is small and portable - convenient to carry with you at all times.
- User friendly functionality
- Future and backward compatible - the firmware in the reader is independent of changes in the EMV specifications or other smart card specifications.
- Multiple services can be provided with the same reader
- Dynamic Signatures capability, increasing security when signing transactions
- Separate function keys enable Secure Domain Separation
- Large display allows long One-Time Passwords and Signatures
- Fully compliant with industrial standards such as 3-D Secure CAP, MasterCard SecureCode CAP, VISA dynamic passcode authentication, German Sm@rt TAN and Taiwanese FISC II
Compliance to standards
- ISO 7816
- MasterCard SecureCode CAP
- 3-D Secure CAP
- APACS
- VISA dynamic passcode authentication
- Taiwanese FISC II OTP
- Proton Balance Reader
Certifications
- EMV level 2 (3-D Secure CAP)
- EMV level 1 (EMV 2000)
- CE
Mobile Solution
The Mobile Solution is a set of different technologies allowing authentication to be performed on top of already existing infrastructure. As part of the secure devices family, they emphasize different capabilities with respect to security, usability and the look & feel experience. The set of media utilized offers different solutions in terms of service activation - all easy and cost-effective, ranging from self-activation to Over The Air activation (OTA).
The Mobile Solution enables PIN protected One Time Passwords (OTP), Signatures, Challenge/Response functionality and other services in strong Two-Factor Authentication schemes.
bySMS
bySMS is a solution for remote authentication, suitable for Internet banking and Internet shopping. The system consists of a Central System and a SMS gateway plugin.
The basic version of bySMS offers the same functionality as an OTP Token. The extended version allows you to use a signature of transaction data displayed in the SMS.
InSIM
InSIM is a solution that brings strong remote authentication offering One-Time Password and Electronic Signature. The security application within inSIM is implemented and executed in the SIM card, utilizing the Mobile Equipment (ME) as a terminal via its SIM Toolkit interface.
onMobile
onMobile supports a variety of technologies, depending on handset functionality and customer specific security requirements. If available, onMobile makes optimal use of any SATSA Java API, and of Java J2ME Sandbox and Data Integrity support. onMobile is also available as an iPhone and iPod Touch application.
Besides being convenient for the end user, rolling out this strong remote authentication service Over The Air may also be a very cost-efficient option for the authentication service provider. The end user simply accepts the secure download of the needed cryptographic credentials and the Java program to his or her mobile handset.
Further benefits with the Mobile Solutions
- Easy to understand and use
- Portable, you always have your mobile with you
- Simple to deploy and built upon existing infrastructure
- Prevents Man-In-The-Middle attacks (“Sign-What-You-See”)
- Extensible solution – integrate with SMS, WAP or Java software clients (MIDP)
- Future compatible – you can start off with a Mobile Solution and continue with a smart card solution using the same system