"With Thales' strong heritage and experience within the security and finance industries worldwide, we knew that we would receive the highest quality of product, services and support. We are confident that SafeSign will meet our current and future requirements" - Fernando Yu, Head of Electronic Banking Department, Wing Lung Bank Limited.

Download in PDF »

Thousands of people are enjoying the speed and convenience of Internet banking and it is expected that current user numbers will grow at an outstanding rate of 25 per cent year on year. There is simply no need to waste precious time waiting to make bill payments, fund transfers, or credit card payments, to name but a few of the many diversified services now available online.

As the online banking phenomenon grows, so too does the concern regarding online security. Faced with the challenge of delivering customer services over a growing number of communication channels, banks are finding the basic requirement to authenticate users progressively harder to maintain and manage. Indeed, online banking was threatened worldwide with more than 23,610 phishing reports registered in February 2007, according to the Phishing Attack Trends Report - February 2007 from the Anti-Phishing Working Group.

As a result, the Hong Kong Monetary Authority believes that single factor authentication, such as the use of a static password, does not offer adequate security for high-risk transactions that involve access to sensitive customer information or the movement of funds to other parties. Banks in Hong Kong are therefore required to deploy two-factor authentication, a highly secure method intended to offer greater protection and peace of mind to Internet bankers.

Two-factor authentication is any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a system. Common implementations of two-factor authentication use 'something you know' (a password) as one of the two factors, and either 'something you have' (a physical device such as a mobile phone, digital certificate or token) or 'something you are' (a biometric such as a fingerprint) as the other factor. By relying on two factors rather than one, the risks associated with Internet banking can be significantly reduced.

Wing Lung leads local banks to deploy token-based two-factor authentication

Recognising the need for strong authentication of Internet banking users and transactions, Wing Lung Bank welcomed the new directive. Following an internal review, Wing Lung Bank decided to deploy two-factor authentication within the NET Banking service. The bank required a two-factor authentication security solution which would integrate seamlessly with Wing Lung Bank's existing e-banking system and have the capability to support load balancing. It was also essential that the two-factor authentication solution supported the use of, but not limited to, hardware tokens, which Wing Lung Bank believes to be one of the most reliable and user-friendly forms of authentication at the moment.

Following extensive research to identify a security solution that would meet its specific requirements, Wing Lung Bank selected the Thales SafeSign solution to deploy token-based two-factor authentication. Wing Lung Bank chose to work with Thales due to the company's strong experience and reputation in the market. Wing Lung Bank was confident that Thales would deliver a robust and scalable security solution that would meet all of its needs both in the short and long-term.

The SafeSign solution

Thales SafeSign is an identity management, user authentication and transaction security solution that enables banks to validate user identities and digitally sign e-business transactions. It is a sufficiently flexible platform to allow every application or business owner to carry out a risk assessment and select a level of security appropriate to that risk. Whilst SafeSign meets Wing Lung Bank's immediate requirement for a token-based two-factor authentication solution, it also provides flexibility for the future. In order to meet changing market and customer needs, SafeSign has the functionality to authenticate credentials provided from a range of sources, such as digital signatures, one-time passwords, SMS messages and EMV cards, as well as various tokens.



Fernando Yu, Head of Electronic Banking Department, Wing Lung Bank Limited, said: "With Thales' strong heritage and experience within the security and finance industries worldwide, we knew that we would receive the highest quality of product, services and support. We are confident that SafeSign will meet our current and future requirements, thanks to its flexibility and scalability. SafeSign is unique in the way that it offers support for multi-factor authentication like tokens, smart cards, SMS and e-certificates that we may wish to introduce in the future to satisfy customers' increasing demand for online banking security. As the leading local bank in Hong Kong to offer two-factor authentication, we will continue with our efforts to provide customers with highly secure online banking service".

Based on the SafeSign architecture and Vasco hand-held tokens, Thales worked closely with Wing Lung Bank to design and implement a two-factor authentication system. Thales ensured SafeSign integrated seamlessly with the bank's existing and future applications whilst dramatically reducing development time and cost. Within six months, Thales helped to plan and implement a system that offers a highly scalable, resilient and extensible platform for the authentication of Wing Lung Bank's customers and high-value transactions.

Reaping long-term business benefits from SafeSign

Through the implementation of SafeSign, Wing Lung Bank will reap a number of long-term business benefits. The enhanced security delivered through multi-factor authentication will encourage the bank's customers to continue with and adopt Internet banking. Fear of online fraud can in many cases drive customers back to in-branch banking which involves banks incurring further costs and does not form part of their long-term strategy. What's more, the SafeSign architecture is unique in providing Wing Lung Bank with the ability to expand the system to accommodate additional authentication methods. As a result, changing customer demands can easily be met and the bank will have the flexibility to embrace new technologies as they emerge. In addition, set-up costs are low as integration is kept simple. The SafeSign infrastructure provides standard interfaces making it easy to integrate into Wing Lung Bank's network environment. Finally, by keeping all authentication, issuance and management centralised, Wing Lung Bank's infrastructure costs will be reduced compared with operating multiple security solutions.

Security is the key to long-term profitability

Wing Lung Bank leads local banks in Hong Kong that put multi-factor authentication forward in retail banking. Internet banking forms a key element of many banks future business strategy and a loss of customer confidence in this transaction channel could have a serious financial impact in the long-term. Banks have an obligation and a business interest in 'knowing' their customers and ensuring that customers have every confidence in the communication channels and security solutions that they provide.

Richard Mallett, Managing Director, Thales Transport & Security (Hong Kong) Ltd said: "Thanks to our successful partnership, we have enabled Wing Lung Bank to provide token-based two-factor authentication for its retail banking customers. Through the implementation of SafeSign, we have delivered a solution that meets all of Wing Lung Bank's current requirements as well as offering them the flexibility to meet changing market needs in the future. SafeSign provides the highest levels of security, as well as being easy and convenient for customers to use."

About Thales

Thales is a leading international electronics and systems group, serving defence, aerospace and security markets worldwide, supported by a comprehensive services offering. Operating in three main markets covering e-security, card payment and network security, Thales' activities address the business, government and finance industries' need for cryptographic security products and solutions. For more than 30 years, Thales has been at the forefront of security and payment technology, co-operating and contributing to set the industry standards used for financial transactions and e-commerce globally. Over half of the world's banks, together with the majority of the busiest exchanges, currently use Thales technology to meet their authentication and identity management needs.

About Wing Lung Bank

Wing Lung Bank, founded in 1933, is among the oldest local Chinese banks in Hong Kong. Strongly committed to its motto of 'Progress with Prudence, Service with Sincerity', the Bank has developed an enviable reputation of providing personalized and sincere service to customers.

The Bank became a listed company in 1980. At 31 December 2006, the total assets of the Bank stood at HK$85 billion. The Bank has a total staff of more than 1,400 and 40 banking offices at present, including the Head Office in Central, 33 local branches, a branch and a sub-branch in Shenzhen, China and two representative offices in China (one in Guangzhou and the other in Shanghai) and two overseas branches (one in Los Angeles, USA and the other in the Cayman Island, BWI).