Presentation is loading. Please wait.

Presentation is loading. Please wait.

Where the security and convenience meet

Published byStella James Modified over 6 years ago

Similar presentations

Presentation on theme: "Where the security and convenience meet"— Presentation transcript:

1 Where the security and convenience meet
MICRO BANKING Where the security and convenience meet PKI SOLUTION FOR eBANKING & ePAYMENT

2 ONLINE BANKING Reduce costs of online banking transaction Convenience
OPOTUNITIES Reduce costs of online banking transaction More services through online banking channel CHANGLLENGES Convenience Security

3 ONLINE BANKING AUTHENTICATION
Most of the banks are using password to protect access the Online Banking Password can be guessed, stolen, hacked … Including with basic techiques like shoulder surfing, dictionary attacks or more complex like Phishing

4 ATTACK ON THE INTERNET Hacker Fake email Phishing Hacker Pharming
Fake Website Trojan Horse Hacker Man in the Middle Fake Website Hacker

5 AN EXAMPLE OF PHISHING ATTACK

6 AN EXAMPLE OF PHISHING ATTACK

7 AMOUNT OF THE PHISHING FRAUT
3.2 Billion USD

8 FIRST CONCLUSION Phishing is effective Phishing is growing
Phishing targets mainly the banks More sophisticated attacks are becoming a reality Password is not an option

9 TWO – FACTOR AUTHENTICATION
Authentication must include one or more of the following: Something a person knows: PIN, password Biometry Hardware PIN, Password Something a person is: biometry Something a person owns: hardware A two-factor authentication includes at least two of these factors

10 WHY BANKS MUST MIGRATE TO STRONG AUTHENTICATION
Push customers to use online banking Compliance with security directives Decrease the direct cost of fraud Avoid bad reputation Customer recruitment and retention I In case of security breach 41% of consumers would switch bank (TriCipher study) FFIEC Banque De France Cơ quan tiền tệ Singrapore. Operations are 100 times cheaper than in branch

11 TWO FACTOR AUTHENTICATION AVAILABLE IN THE MARKET
OTP TOKEN Generate a One Time Password every 60 s or when pushing a button • Mobility • Customer acceptance • No protection against Man in the Middle attack • Weak protection against dynamic phishing attacks

12 TWO FACTOR AUTHENTICATION AVAILABLE IN THE MARKET
SMS Text The bank sends an authentication code to the user’s handset The mobile phone is never far Customer acceptance No protection against Man in the Middle attack (except with return status message) Maintenance is complex and costly (price of SMS, update of phone numbers…)

13 TWO FACTOR AUTHENTICATION AVAILABLE IN THE MARKET
Smart card with unconnected CAP reader After PIN validation the offline reader displays the authentication code Leverage the existing EMV infrastructure No driver to install on the PC No protection against Man in the Middle attack First feedbacks show a lack of convenience Risk of human mistakes (long numbers)

14 TWO FACTOR AUTHENTICATION AVAILABLE IN THE MARKET
Smart card with connected CAP reader After PIN validation the online reader displays the authentication code Leverage the existing EMV infrastructure Provide better protection against Man in the Middle attacks Just a PIN, no long number to enter in the system Require an installation on the PC: no mobility

15 TWO FACTOR AUTHENTICATION AVAILABLE IN THE MARKET
Criteria to select a solution The bank needs to find the best balance between security, convenience and price. Login/Password : THE most used method One Time Passwords (OTP) list & Matrix Cards & OTP tokens CAP/DPA on EMV card + reader Fingerprint reader Challenge response using users mobile Risk management on Back Office

16 TWO FACTOR AUTHENTICATION AVAILABLE IN THE MARKET
Conclusion about the available solutions Conclusion Many solutions exist on the market None seems to be THE solution Each has at least one serious drawback And what if I want To be protected against Man in The Middle? Mobility: driver to auto-install? Customer adoption? Low maintenance cost? Combine between security & service?

17 Where the security and convenience meet
MICRO BANKING Where the security and convenience meet

18 WHAT IS MICROBANKING SERVICE?
1 the authentication operations 3 A dedicated browser for enhanced security and convenience 2 PKI Token/Mobi leToken dedicated to the Online Banking A smart card chip for

19 WHAT IS MICROBANKING SERVICE?
Micro-Banking browser Run automatically and integrated onto middleware Goes to a unique address hardwired in the chip during personalization or configured from Token Management System (TMS)

20 USER EXPERIENCE Access is grant
0: User Plug the Key (PKI Token) & the Usertool and even on Browser is launched Micro Banking Server 1: User chooses the Micro Banking on the left pane of Usertool, enter Login 2: Browser connect the Micro-Banking server through 2-way SSL (client certificate) 3: Micro-Banking server request for authentication 4: Authentication application on the Key ask for PIN 5: PIN is validated in the Key 6: Cryptogram is sent to the Micro-Banking Server Access is grant Each transaction all requires PIN prompt

21 SCREENSHOTS Main Screen Please choose ‘Login’ once used Micro-Banking

22 SCREENSHOTS Choose certificate for login, the corresponding account will be referred

23 Account balance, Account statement
SCREENSHOTS Account balance, Account statement

24 SCREENSHOTS Bill payment

25 SECURITY OF MICROBANKING
1 PKI-based Online Banking (highest security) Client Certificate two-way SSL 2 Each transaction, each CMS PKCS#7 (Cryptographic Message Syntax) 3 4 Used the public certificate, stable & popular 5 Infrastructure in Vietnam market

26 BENEFIT FOR BANK’S CUSTOMERS
Mobility: minor installation on the PC (just 2MB on the Key) Convenience: just a Key, just a PIN code Plug & Play, direct access to your account thanks to our Key, Tomikey-2003U No trace left on the PC

27 BENEFIT FOR BANK’S CUSTOMERS
Feedbacks from customers, they liked Easy of use Dedicated browser: easy and security feeling Protect against Phishing and MiTM

28 BENEFIT FOR BANKS Optimal security: resistant to Phishing, MiTM 01 03 05 Enhance customer trust: attractive new customers & retain existing customers 02 Enhance branding: image of reliability and proximity with the customer Scalable for future options: digital vault storage 04 Optimal cost per user

29 BENEFIT FOR BANKS 6 Available supported basic bank functions like Check Balance, Account Statement, Fund Transfer and Bill Payment 7 Ease-2-extend other functions like Online Saving, Lending Service, Card Service based on bank requirements 8 Implementation just takes 10 working-days for integrated to Bank ServiceBus

30 TIME TO ACCESS: SO CONVENIENT
Time of access is critical to increase: Traffic of internet banking services Customer satisfaction Password OTP token Unconnected CAP reader Connected CAP reader SMS Text Micro Banking Number of user’s actions 6 8 7 2 Average time 45s 1mn 10s 40s 1mn 20s 20s Micro Banking offers fast access thanks to: Real-time access Real-time alarm

31 WHY SHOULD YOU CHOOSE OURS?
Just requires little installation on the PC The best price compared to competition Developed by security-expert Partners to provide servers or integration services Supported by Tomica that can be remotely Personalized, Managed

32 TRIAL PACK FOR BANK 2 1 TRIAL PACK PROOF OF CONCEPT 1 ePass2003
2 months access to an demo service based on Supported by TOMICATM 5 ePass2003 Implemented the CAG360, Micro-Banking on bank facility (just takes 10 working days) Supported by TOMICATM

33 Token Management System Centralized Authentication Gateway
SYSTEM STRUCTURE Token Management System Core Banking (ServiceBus) User Tool on the Key Micro-Banking System CAG360 Centralized Authentication Gateway

34 where the security and convenience meet
DEMO MICRO-BANKING where the security and convenience meet PKI-Based Online Banking, supplied by TOMICALAB & maintained and operated by just Bank QUESTION?

35 STILL IN PROGRESS Integrated on iOS, Android, Windows Phone with Tomikey-2003A & SIMCA Integrated fully on MACOSX and Linux Trend to micro-payment and eInvoicing together

36 CONTACT US MINH THONG CARD SOLUTIONS CO., LTD
Address: 16/2 Ter Dinh Tien Hoang, Da Kao Ward, 1st District , Ho Chi Minh City Website: Hotline :

Download ppt "Where the security and convenience meet"

Similar presentations

Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide

Installation & User Guide
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
1 Cypak core technology New convenient security solutions for online gaming Combat fraud and keep your customer happy.

1 Cypak core technology New convenient security solutions for online gaming Combat fraud and keep your customer happy.
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
EToken PRO Anywhere. Agenda  eToken PRO Anywhere Overview  Market background and target markets  Identifying the opportunity  Implementation and Pricing.

EToken PRO Anywhere. Agenda  eToken PRO Anywhere Overview  Market background and target markets  Identifying the opportunity  Implementation and Pricing.
1 Cypak core technology A new, cool and convenient way to identify your customers Combat fraud and keep your customer happy.

1 Cypak core technology A new, cool and convenient way to identify your customers Combat fraud and keep your customer happy.
Available on Laptop ,Desktop, Tablets & Mobiles & Varied Platforms such as Windows, MacOS , iOS , Android, Linux as well as Launching of New services.

Available on Laptop ,Desktop, Tablets & Mobiles & Varied Platforms such as Windows, MacOS , iOS , Android, Linux as well as Launching of New services.
E-banking.

E-banking.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.

Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.
Internet Banking Standard and Standard-Hybrid Registration Intuit Financial Services University Internet Banking Certification Training.

Internet Banking Standard and Standard-Hybrid Registration Intuit Financial Services University Internet Banking Certification Training.
Mobile One-Time Password. Page 2 About Changingtec -Member of group -Focus on IT security software CompanyChanging Information Technology Inc Set upApril.

Mobile One-Time Password. Page 2 About Changingtec -Member of group -Focus on IT security software CompanyChanging Information Technology Inc Set upApril.
VeriSign® Identity Protection (VIP) Overview. 2 2 VeriSign Confidential Trust on the Internet is More Compelling Than Ever 1.5 billion Internet users.

VeriSign® Identity Protection (VIP) Overview. 2 2 VeriSign Confidential Trust on the Internet is More Compelling Than Ever 1.5 billion Internet users.
SPS Donate Now VT. Donate Now Test Account Please use the following test account when you are conducting a demo of the Donate Now VT with your merchant:

SPS Donate Now VT. Donate Now Test Account Please use the following test account when you are conducting a demo of the Donate Now VT with your merchant:
VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.

VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.
Malicious Attack Corporate Awareness and Walk through Date 29 September 2011.

Malicious Attack Corporate Awareness and Walk through Date 29 September 2011.
E-banking in Hong Kong Financial institution in Hong Kong Group 6.

E-banking in Hong Kong Financial institution in Hong Kong Group 6.
One Platform, One Solution: eToken TMS 5.1 Customer Presentation November 2009.

One Platform, One Solution: eToken TMS 5.1 Customer Presentation November 2009.

Similar presentations

Ads by Google