xinfotech_authentication_ecommerce_ebanking
DESCRIPTION
Two-Factor Authentication Future-proof The number of Internet frauds has increased rapidly over the last few years. This is a threat to all institutions that provide online banking, shopping, gaming etc. Successful frauds do not only have immediate financial implications, they can also lead to bad press and customers cancelling their service, leaving for a more secure one. X Info Tech, as a Two-Factor Authentication, offers protection from all existing kinds of fraud attacks.TRANSCRIPT
Bank growth and profitability is linked to eBanking. Customers prefer online banking because it is more flexible than
high street or phone banking, and it offers banks the opportunity for growth and cost savings. However, eBanking
depends on secure authentication and user trust.
X Info Tech is a one-stop shop for complete eBanking security solutions, including hardware, software, consulting
and design, training, maintenance and support as well as device customization and fulfillment. With global reach
and unique technology,
Future-proof
Don’t start with a dead end. When it comes to
remote banking authentication, you need a system
than can grow with you. X Info Tech lets you deploy
a low-cost, simple system today and still provide an
upgrade path for the future.
System supports a wide variety of Two-Factor
Authentication solutions, including:
One Time Password (OTP).
Double Authentication.
Challenge-response.
Sign-What-You-See.
Secure Domain Separation.
Dynamic Signatures.
Electronic Signatures.
The system is completely flexible, allowing you to
mix and match users with different devices and
authentication schemes. This approach simplifies
your backend IT while maximizing flexibility.
For example, System lets you get started with
Printed Card or Scratched off Card or simple One
Time Password (OTP) Token and, as risks and
markets change, seamlessly upgrade to more
advanced devices. You can even offer other service
providers a multi-issuer authentication service using
your authentication system.
The result is a system that lets banks balance the
demands of cost, usability and security over time. It
is low-risk, scalable, secure, flexible and, above all,
future-proof.
Two-Factor Authentication
The number of Internet frauds has increased rapidly
over the last few years. This is a threat to all
institutions that provide online banking, shopping,
gaming etc. Successful frauds do not only have
immediate financial implications, they can also lead
to bad press and customers cancelling their
service, leaving for a more secure one.
X Info Tech, as a Two-Factor Authentication, offers
protection from all existing kinds of fraud attacks.
The recognized factors for Two-Factor Authentica-
tion are:
Something you know, such as a password
or a PIN.
Something you have, such as a smart card,
security token or mobile phone.
Authentication solutionfor e-COMMERCE and e-BANKING
One time password
Authentication solution includes generation of an
OTP – One Time Password. The OTP can be
generated on a smart card (presented by a secure
device), token, mobile phone or sent by text
message.
The OTP is entered by the end user and verified by
the authentication System. OTP prevents the
following attacks: Key logging, Screen logging and
Shoulder-Surfing. By the time the attacker sees
the OTP being entered, it is already too late, since
the OTP is already used and not valid anymore. If
the OTP is logged or recorded in any way, it is of
no value to the attacker since it is only valid once
and only at the time it is used. OTP combined with
a password and/or a PIN is one way obtaining
Two-Factor Authentication.
Benefits using the Token based approach
Cost effective devise.
Provides strong two-factor authentication
together with online password.
Low logistic costs.
Portability: Token is small and portable -
convenient to bring with you at all times.
A single press on the button generates a One
Time Password.
User-friendly functionality.
Quick roll-out.
Smooth personalization, personalize a whole
batch in factory or a single device at the bank
office.
Compliance to standards
ISO 13491-1 (Banking Secure cryptographic
devices).
ISO 8732 (Key generation).
ANSI X9.32 (Data Encryption Standard).
ISO 11568 (Key management).
ISO 9797 (Message Authentication Codes).
Benefits using the Reader based approach
No need for personalisation of the reader, as
the secrets are kept in the smart card.
Identical terminals, which do not require any
security handling and therefore are easy to
distribute.
Portability: Reader is small and portable -
convenient to bring with you at all times.
User friendly functionality.
Future and backward compatible - the firmware
of reader is independent of changes in the EMV
specifications or other smart card specifica-
tions.
Multiple services can be performed with
the same reader.
Dynamic Signatures capability, increasing
security when signing transactions.
Separate function keys, enables Secure
Domain Separation
Large display allows long One-Time Passwords
and Signatures.
Fully compliant with industrial standards such
as 3-D Secure CAP, MasterCard SecureCode
CAP, VISA dynamic passcode authentication,
German Sm@rt TAN and Taiwanese FISC II.
Compliance to standards
ISO 7816.
MasterCard SecureCode CAP.
3-D Secure CAP.
APACS.
VISA dynamic passcode authentication.
Taiwanese FISC II OTP.
Proton Balance Reader.
Certifications
EMV level 2 (3-D Secure CAP).
EMV level 1 (EMV 2000).
CE.
Mobile Solution
The Mobile Solution is a set of different
technologies allowing authentication to be
performed through already existing infrastructures.
As part of the secure devices family they
emphasize different capabilities with respect to
security, usability and the look & feel experience.
The set of media utilized offer different solutions in
terms of service activation - all easy and cost-
effective, ranging from self-activation to Over The
Air activation (OTA).
The Mobile Solution enables PIN protected One
Time Passwords (OTP), Signatures,
Challenge/Response functionality and other
services in strong Two-Factor Authentication
schemes.
bySMS
bySMS is a solution for remote authentication,
suitable for Internet banking and Internet
shopping. The system consists of a Central
System and a SMS gateway plugin.
The basic version of bySMS offers the same
functionality as an OTP Token. The extended
version allows you to use a signature of
transaction data displayed in the SMS.
InSIM
InSIM is a solution for unconnected remote
authentication, offering One-Time Passwords and
Electronic Signatures. Basically, it implements the
same functionality as its siblings within the product
family. However, the major difference is that the
security application within inSIM is implemented
and executed in the SIM card, utilizing the Mobile
Equipment (ME) as a terminal via its SIM Toolkit
interface.
onMobile
onMobile supports a variety of technologies,
depending on handset functionality and customer
specific security requirements. If available, onMo-
bile makes optimal use of any SATSA Java API,
and of Java J2ME Sandbox and Data Integrity
support. onMobile is also available as an iPhone
and iPod Touch application.
Reduce Cost - Over The Air Deployment
Besides being convenient for the end-user, the
authentication service provider may also very cost
efficiently roll-out this strong remote authentication
service Over The Air. The end user simply accepts
the secure download of the needed cryptographic
credentials and the Java program to his or her
handset.
Further benefits with the Mobile Solutions
Easy to understand and use.
Portable, you always have your mobile
with you.
Simple to deploy and built upon existing
infrastructure.
Prevents Man-In-The-Middle attacks
(“Sign-What-You-See”).
Extensible solution – integrate with SMS, WAP
or Java software clients (MIDP).
Future compatible – you can start off with a
Mobile Solution and continue with a smart card
solution using the same system.
Our office address: Daugavas iela 38-3, Mārupe, Mārupes nov., LV-2167, Latvia
Tel: + 371 67930171, Fax: + 371 67930172, [email protected]
www.x-infotech.com