Banking Information Security System
The XELIOS BAFIS solution covers the following:
- Remote access.
- Logical Authentication of bank staff.
- Data Encryption.
- Secure management of digital certificates.
- Fraud: Skimming and Phishing.
Security on remote access
Issues
Ensuring security for remote users is essential in today’s enterprise, and nowhere more so than in the financial institution. The financial institution has an obligation to verify the individual’s identity and to ensure that the credentials used during a transaction can only be used once. The simple placement of a fingerprint on a sensor ensures that only the genuine individual is granted access.
The specialized, military-grade sensors utilized in BAFIS have secure logic and storage functions to ensure that only the correct fingerprints will open the secure partition and generate a user certificate. This eliminates any known technique for intercepting and substituting data.
Today’s financial institution requires integration compatibility with existing authentication systems. Xelios has experience integrating with de facto standard applications such as Tivoli and RADIUS, as well as with in-house proprietary solutions.
Logical Authentication of on-premises staff
Issues
Today’s financial institution requires a fully scalable authentication method that dynamically adjusts to the volume of demand. The method should allow secure authentication of users who are connected within the facility and comply with applicable mandates and regulations. The solution should be interoperable with the existing infrastructure and fit within established budgetary constraints.
To satisfy the requirements of our financial services clients we provide the highest level of security while simultaneously reducing the burden on staff to perform their duties in a secure manner. Utilizing a combination of card or token (what I have) + fingerprint biometrics (what I am) + PIN (what I know), the authentication can be matched to the specific task at hand. Generally, critical and sensitive tasks will utilize tri-factor authentication, while less sensitive but still private tasks will employ bi-factor authentication (e.g. fingerprint and smart card). Utilizing fingerprint authentication ensures genuine user identity. The BAFIS audit trails are in compliance with the rules of GLBA, SOX, LSF and LOPD, and the flexible framework supports the evolution of both mandated regulations and internal policies most effectively.
The BAFIS solution has proven to be fully interoperable with existing IT infrastructure and has unparalleled ease of use: IT managers can assume full control after three days of training.
XELIOS has responded to all requests regarding bank authentication regulations (GLBA, SOX, LOPD, etc.), and meets or exceeds the speed and handling requirements of day-to-day business with uncompromised levels of security.
Many RSSIs (information security officers) of financial organizations have understood that protecting the workstation is not enough if protection is limited to the primary login (Windows login). It is essential to have traceability of the use of an identity at each application start-up, so that access is reserved to authorized people only.
The SSO tool, added to fingerprint recognition, ensures this traceability effectively and in full compliance with the LOPD. To guarantee permanent identity control, a single protection of the user’s main session at their workplace is no longer enough; it is essential to request a new identity check when starting the bank’s internal applications that contain customer data.
The main session is protected by Card + PIN + Bio. The bank has chosen a scaled system for the applications, where only the card and biometric data are requested again, to provide flexibility of use for users. The great obligation is to guarantee perfect interoperability with the existing system (especially with internally developed applications and the various applications on the market). The objective is not to modify the bank’s current IT infrastructure, so as not to exceed the budget. XELIOS has been able to provide an SSO solution that offers compatibility with more than 200 different applications on the market such as SAP, Microsoft Exchange, SQL Server, emulators, Citrix Metaframe…
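The tiered scheme described in the two passages above (tri-factor for the main session, card + fingerprint again for each internal application, with transaction credentials usable only once) can be expressed as a small policy engine. The code below is an added illustration written for this page, not XELIOS or BAFIS code: the factor categories are the page’s own (what I have / what I am / what I know), while the tier names, the per-factor `nonce` field, the `verified` flag and the audit record layout are assumptions made for the example. It also generalizes the page’s two tiers to any mapping of resources to required factor sets.

```python
"""Tiered (step-up) multi-factor policy with one-time credential replay protection.

Added example, not XELIOS/BAFIS code. Tier names, nonce handling and the
audit record format are assumptions; only the three factor categories
come from the page.
"""
from dataclasses import dataclass
from enum import Enum


class FactorType(Enum):
    POSSESSION = "what I have"   # smart card or token
    INHERENCE = "what I am"      # fingerprint
    KNOWLEDGE = "what I know"    # PIN


@dataclass(frozen=True)
class Factor:
    kind: FactorType
    verified: bool   # outcome reported by that factor's verifier (card read, match, PIN)
    nonce: str       # one-time value issued by the server per transaction (assumed)


# Tier policy (assumed names): the main workstation session needs
# card + PIN + fingerprint; launching an internal application re-checks
# only card + fingerprint, as the page describes.
POLICY = {
    "workstation_session": frozenset(
        {FactorType.POSSESSION, FactorType.KNOWLEDGE, FactorType.INHERENCE}),
    "internal_application": frozenset(
        {FactorType.POSSESSION, FactorType.INHERENCE}),
}


class StepUpAuthenticator:
    def __init__(self, policy):
        self.policy = policy
        self._used_nonces = set()   # transaction credentials may be used once
        self.audit_log = []         # (user, resource, granted, reason): traceability per start-up

    def _record(self, user, resource, granted, reason):
        self.audit_log.append((user, resource, granted, reason))
        return granted, reason

    def authorize(self, user, resource, factors):
        """Return (granted, reason) for a user presenting factors to a resource tier."""
        required = self.policy.get(resource)
        if required is None:
            return self._record(user, resource, False, "unknown resource")
        # Every nonce is consumed on presentation, success or failure, so a
        # captured credential cannot be replayed in a later transaction.
        if any(f.nonce in self._used_nonces for f in factors):
            return self._record(user, resource, False, "replayed credential")
        self._used_nonces.update(f.nonce for f in factors)
        presented = {f.kind for f in factors if f.verified}
        missing = required - presented
        if missing:
            names = ", ".join(sorted(m.name for m in missing))
            return self._record(user, resource, False, f"missing factors: {names}")
        return self._record(user, resource, True, "granted")


def demo():
    """Constructed walk-through: session login, app step-up, a missing factor,
    a replayed credential and a failed fingerprint match."""
    auth = StepUpAuthenticator(POLICY)
    card = Factor(FactorType.POSSESSION, True, "n1")
    pin = Factor(FactorType.KNOWLEDGE, True, "n2")
    finger = Factor(FactorType.INHERENCE, True, "n3")
    results = {
        "session": auth.authorize("alice", "workstation_session", [card, pin, finger]),
        "app_ok": auth.authorize("alice", "internal_application", [
            Factor(FactorType.POSSESSION, True, "n4"),
            Factor(FactorType.INHERENCE, True, "n5")]),
        "app_no_card": auth.authorize("alice", "internal_application", [
            Factor(FactorType.INHERENCE, True, "n6")]),
        # same three factor objects presented again: nonces n1..n3 already consumed
        "replay": auth.authorize("mallory", "workstation_session", [card, pin, finger]),
        "bad_finger": auth.authorize("bob", "internal_application", [
            Factor(FactorType.POSSESSION, True, "n7"),
            Factor(FactorType.INHERENCE, False, "n8")]),
    }
    return auth, results


if __name__ == "__main__":
    auth, results = demo()
    for name, outcome in results.items():
        print(f"{name:12s} -> {outcome}")
    print(f"{len(auth.audit_log)} audit records written")
```

The audit log grows by one record per attempt whatever the outcome, which is the per-start-up traceability the passage asks for; a production deployment would write it to tamper-evident storage rather than a list.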
This access automation also increases the security of passwords. If the user’s fingerprint and SIM card allow automatic entry of the password for a secure application, the user will not have to memorize their password. Should the system be attacked and an attempt be made to dodge the authentication systems, entry can be stopped (or banned) by asking the «hacker» for the RSA key. Automating access and strengthening password security are essential stages in the installation of the security system.
Encryption of sensitive data
Encryption of data to increase confidentiality is an issue that constantly appears as a concern to the financial institution. When information is shared between authorized end points, it should be guaranteed that digital information does not leave the bank. In this case, it should be the identity of the authorized person that allows real-time decryption, simply by placing their finger on the sensor.
Confidentiality of data is paramount. A solution is most effective when encryption is transparent to the user, can be shared, and is secure enough to prevent the information from leaving the entity in which it is stored. The engineering teams of Idemia (formerly Safran Morpho), cryptography experts, and XELIOS specialize in the integration of protective devices within information systems that meet all these demands with excellent results.
In institutions that use a PKI, where each user has their own digital certificates, the encryption system is secured based on the authentication system (fingerprint + SIM card) and the use of user digital certificates. The role of the certificates is to keep the encrypted data within the institution.
Therefore, if a user copies the encrypted data onto their USB key (which is encrypted automatically), they will only be able to use that data at that bank site.
Tracking the use of certificates
Issues
We must link the bank users’ certificates to the authentication system to allow better control over the identity of the staff sending e-mails. Increasingly, as more certificates are used, this implies that if a session is active anyone can use those certificates.
With our solutions, you must submit your fingerprint to unlock the certificate and be granted the assigned rights.
Skimming and phishing are increasingly becoming critical challenges to the financial institution. Currently most of the functionality of automatic teller machines (ATMs) is based on customer recognition through credit/debit cards and a corresponding secret key (PIN). This system has a number of security deficiencies, as these cards can be stolen, forged or lost. This results in additional costs to the institution beyond the original fraud, as the customer support needed to resolve these issues has its own costs.
XELIOS eliminates fraud by use of a military-grade biometric sensor called the BioPAD® device. This device allows undeniable user identification by recognizing a fingerprint in a completely secure and closed environment.
This sensor has been specially developed to work with all manner of fingerprints, from both young and old, blue- and white-collar workers. A fake finger cannot penetrate the sensor security layers, and even an amputated finger will be rejected in less than 3 seconds.
Once the user has been identified, he/she can access banking services at the ATM without using a card. Using biometric technologies for the identification and validation of users increases system security and eliminates the risk of theft or fraud that occurs today with current credit/debit cards (skimming).