Articles

Managing Identities
Paul Meadowcroft, head of transaction security at Thales e-Security, believes that to prevent fraud banks must avoid complex transaction applications and instead opt for a single platform approach.


The ever-increasing variety of technological innovations in the transaction world is allowing banks to offer their customers greater security, easier transactions and a wealth of other benefits. Whether it’s EMV Chip and PIN, mobile payments or what might now be termed ‘plain old’ internet banking, the banking industry is having to invest vast sums at an alarming pace. However, while almost all of these technologies are designed to enhance their customers’ banking experience, the banks themselves are facing enormous internal challenges.

Gone are the days when the transaction channels on offer to customers could be counted on the fingers of a hand. Today, banks have to deal with their consumer and business customers through an extremely varied and growing number of channels. This has meant that the front end of a typical bank’s transaction system has mushroomed. To cope, banks have had to create a middle layer of transaction applications. While the middle office has clear advantages in terms of allowing limited change to back office systems to cope with new technologies such as EMV, it has turned a typical bank’s transaction infrastructure into a complex network of front office, middle office and back office systems.

Such complexity is, and will increasingly become, extremely harmful. The threats include failure to manage customer identities, gross inefficiency, lack of management visibility and an increased likelihood of fraud, especially internally. As several of the larger banks are already recognising, this has led to a critical need for a more strategic approach to middle office authentication and identity management.

At the moment banks are using multiple point solutions to deal with authentication on each channel. Just to add to the complication, these solutions have typically been developed by different groups and departments within the bank. This has meant that as the number of point solutions has grown, it is increasingly costly and difficult to manage them.

Equally, the number of identities available to the individual has also increased. For example, not only might an individual have an enormous range of accounts and touch-points with the bank, but these identities are also unlikely to be uniform. Therefore, in terms of risk, a bank’s reaction to a £100 payment is going to be completely different to its reaction to the transfer of £10m between two accounts. For the £100 payment it may be enough to know the funds are available in the account, and no further proof of identity may be necessary beyond a signature or possibly a password if it is an internet transaction. Yet in the £10m transaction a bank will require the highest levels of authentication available, usually in the form of some extra token-based system to add the “something you have” element to the “something you know”. The reaction from banks to multiple identities has once again been to develop multiple point solutions.

A strategic approach to transaction authentication and identity management will remove this complexity through the use of a single platform between the front end and the back office. This middle office platform would mean that the costly process of changing or replacing any of the front or back office systems need not happen. Instead, all transactions, whatever their source, could be authenticated on a single platform that is seamlessly integrated with the front and back office systems.

The advantages of this approach are twofold. Firstly the bank would be able to manage all its transaction channels from a single platform, dramatically improving ease of management. Combined with this is the ability to embrace new transaction technologies and channels without needing to implement a new platform and most importantly without compromising existing security. Secondly, a single centralised platform will have significantly lower total costs of ownership than employing multiple platforms.

But the benefits of taking a strategic approach are not limited to dealing with multiple channels. As BACS have demonstrated to critical acclaim over the past year, it is also possible to use a single middle office authentication server to process transactions from multiple trust schemes. Regardless of whether it is an existing authentication token or EMV smart card or PKI scheme such as Identrus or any one of the home grown PKIs that banks have locked away unused, it is possible for a single middle office system to perform the appropriate authentication and message validation.

Finally, the power of a single middle office authentication platform can be combined with a centralised identity management system. Together, these allow a bank to provide the appropriate level of identity management and authentication on a flexible platform. This enables the banks, based on risk assessments of the business applications, to select the appropriate amount of authentication required for individuals. As the single platform is able to authenticate all trust schemes, the bank is able to apply whatever level of authentication it deems satisfactory. More importantly, it can change this as often as required with no cost implications for the authentication systems.

In today’s e-business world, banks need a flexible and dependable trust model. Crucially, this solution must be able to grow organically as organisations grow and at the same time seamlessly embrace new transaction technologies and channels. Yet all this is only possible if robust security is maintained, and that security must be as easy as possible on users and system managers alike. Such a strategic end-to-end authentication system is one that has the power to help banks remain competitive, reduce costs and manage complexity.

© Thales 2007