e-banking_presentationv by domainlawyer

VIEWS: 22 PAGES: 23

									Leveraging on EMV cards for One-Time-Password authentication

Istvan Botos Business Development Manager CEE Network Identity Solutions 19th September 2006

Agenda

 Online banking market overview  Authentication Solutions based on EMV Smart Card  Banking Card (CAP Authentication) Use Case  Advantages of use EMV Smart Card for Authentication  Introduction of GemAuthenticateTM

19th,September 2006

2

Online Banking Market Overview

19th,September 2006

3

e-Banking Definition
 Financial Services delivered through Internet and others remote channels
 Online Banking, Phone Banking / IVR, Mobile Banking  e-commerce

 Scope
Retail Banking (B2C) Corporate Banking (B2B)

Strong user authentication required

19th,September 2006

4

A Phenomenal Growth (European Market)

• Top countries : UK, Germany, Netherlands and Nordic Countries • Strong uptake in Southern Countries : France, Italy, Spain, Greece and Turkey  60 million of European currently bank on-line (20% of European population)*
* Source: Forrester Research (2003)
19th,September 2006 5

Online Banking – A mass adoption
Number of Online Banking users in 2004 (source: e-paynews.com) 70 60 50 40 30 20 10 0 Western Europe United States Japan Asia-Pacific (exc Japan) Rest of the w orld

Top UK Online Banks (Mill.) HBOS : Lloyds TSB : RBS : Barclays : HSBC : 2 3,1 4 4,5 2,2

Source : Journal du Net

Online banking (France) C.Agricole : S.Générale : BNP : BFBP : Crédit Lyonnais : 2,2 1,1 1,1 0,9 0,8

Source : Benchmark Group

19th,September 2006

6

Market Drivers
 Operational Cost Savings (transactions)
 On-line banking transactions cost is 0.03$ versus ($0.50) for ATM or (1.30 $) for branches *

 Password Management Costs Savings
 Forgotten pwd, pwd reset …
 10% of customer / month (source HBOS)

 Customer Acquisition
 Attract the increasing number of Internet Users  Active People (who on-line banking equals gain of time)

 Customer Retention
 A rich on-line banking offer improves the stickiness of the bank

 Decrease Fraud business impacts
 Brand image  Drop in Consumer confidence  Costs  Barrier to online banking services growth

 Regulations / Recommendations

 Standardization
 Chip Authentication Program (CAP)  OATH

 3D Secure deployment (e-commerce)
19th,September 2006

*source InfoAmericas 2001 7

The challenge - Balancing Convenience, Security & Costs  Solution should take into account Consumer Market specificities
 Simple to use  Portable – can be used @work, @home, @cyber café  Variety of customer profiles (young's, business man, …)

 Security level should be adapted according to the associated risks
 Account Consultation vs. Fund Transfers  Transfer Amounts, Transfer Destination (internal, external, abroad)

 Minimized Total Cost of Ownership
 Acceptable deployment effort  Reusable over others banking channels  Solution should fit in a long term strategy

19th,September 2006

8

Authentication Solutions based on EMV Smart Card

19th,September 2006

9

Powerful Concept
Leveraging the EMV Cards for OTP authentication
 Principle: Use of the EMV Smart Card functionalities to authenticate cardholder  The customer uses his own Banking Cards to
 Log-in to the online banking  Perform Transactions such as fund transfer or e-commerce

 Based on field proven One-Time-Password  2 Factor Authentication
 Customer needs his Banking Card & his PIN code Something I own (Smart Card) and Something I know (PIN)

19th,September 2006

10

Main advantages
High Security Level Reduced cost of ownership
 Use Generic Smart Card Reader (no cardholder data)  Authentication data are stored in the Smart Card  Requires no heavy & expensive PKI infrastructure (certificates, PK application on smart card, etc.)

Leverage EMV investment
 Make use of the EMV application, already available in ROM  Works on all range EMV Smart Card  Open Solution with Emerging Standard

Can be used to secure online payment as well as online banking A growing number of financial institutions are looking for EMV based authentication solutions
19th,September 2006 11

Banking Card (CAP Authentication) Use Case

19th,September 2006

12

OTP Log-in

PIN xxxx? 1683777

   
13

User asks for an OTP by pressing « code » PIN code is checked locally by the Smart Card The OTP is generated by the card & entered manually by the user no more “static” password
13

19th,September 2006

Transactions Signature
 Cardholder is requested to confirm his/her funds transfer

 Cardholder enters his banking EMV Smart Card in the Reader
 Cardholder press”Sign” on the reader keypad  Cardholder enters transaction parameters
 Challenge,  Amount, …

 Cardholder enters PIN code
 The EMV Smart Card generates a dynamic, non reusable and unique transaction signature  Signature is displayed by the reader  Signature provided manually to the application

 Signature is verified by OTP is verified by GemAuthenticateTM platform

19th,September 2006

14

Secure Transactions

Transaction parameters
3035107 xxxx ? PIN 32500 239

Transaction Signature
19th,September 2006 15

Advantages of use EMV Smart Card for Authentication

19th,September 2006

17

Standard and Endorsed Solution
Available for both MasterCard & Visa cards  Based on MasterCard Chip Authentication Program (CAP)
 Specifications finalized in 2004

Endorsed by an increasing number of bank associations
GIE Cartes Bancaires APACS (UK) Interpay (The Netherlands) …

Allow interoperability
Cards & readers from different vendors can be mixed

19th,September 2006

18

Key Advantages
 No impact on the customer culture – so high adoption rate  As easy as getting cash or make payment at Point of Sales  No more password to remember  Work whenever and wherever needed  Reader extremely simple to use
 Life time ~5 years (+ replaceable batteries)

 Minimal deployment effort
 Deployment process already in place  Reuse of Card lost/stolen process

 Authentication data
 Loaded during banking card manufacturing  Could be done for the entire portfolio

19th,September 2006

20

Introduction of GemAuthenticateTM

19th,September 2006

21

GemAuthenticate Overview
Strong Authentication Solution for Banks

Online Banking Phone Banking IVR

Strong User Authentication Solution

Online Payment (3D Secure)

Any E-services

A multi-devices and standard user authentication solution for retail & corporate banking
22

19th,September 2006

22

Support of large choice of tokens
Fitting to your business requirements

19th,September 2006

23

Gemalto, Your Best Partner
 Flexible & Standard Solution Provider
 Multiple authentication methods – allow customer segmentation & smooth migration towards higher security scheme  Broad Form Factors  Compliancy with market standards (CAP, OATH, PKI)

 Supply chain
 Readers/Tokens mass personalization & fulfillment

 Customization capabilities

19th,September 2006

24

Thank You !

19th,September 2006

25


								
To top