Upload
shaillender-mittal
View
1.446
Download
1
Embed Size (px)
DESCRIPTION
Citation preview
BANKING 2.0: TOWARDS NEXT GENERATION INTERNET BANKING 1
BANKING 2.0: TOWARDS NEXT GENERATION INTERNET
BANKING EASE OF USE OF ATM WITH THE FLEXIBILITY OF INTERNET BANKING
he economic and competitive environment of
today puts an increasing pressure on Banks &
Financial Institutions (Banks) to increase
revenues and reduce costs. This can be done by
increasing customer acquisition and providing
excellent customer service using cheaper channels.
Over the past few decades, technology has transformed
the way Banks do business. They are operating on 24x7
and 365 days basis. Now they do not need physical
proximity to reach out to their customers and can service
them in any nook and corner of the world.
The technology revolution of new channels for banking
started with the ATM. The convenience of the ATM
transformed the cash dispensing aspect of Banks.
Internet Banking leveraged the Internet channel to
enable the customers to access their bank from the
comfort of their homes. The 3 most critical drivers for
Internet Banking have been:
1. A channel that still offers the lowest cost per
transaction
2. Offering services to customers without any
geographical limitations - increasing customer
reach
3. On demand Banking – customers are in touch
with the bank always at any time of the day
FUNDAMENTAL BARRIERS
As more and more banks offer Internet Banking, the
distinction between the services offered by them have
diminished. Additionally, the Customers’ PC and the
Internet have become the favorite hunting grounds for
people and organizations with malicious intent to steal
identity and information of the Banks’ customers and
commit fraudulent activities.
Unlike ATM, the browser acts as an Internet Banking
channel for any bank and the Bank does not have any
control over the integrity and security of the browser or
the Internet channel. Hence the Bank cannot brand it and
neither can protect its customers from man-in-the-
middle and man-in-the-browser programs. Neither can
the Bank control the processes running on its Customers’
PC which can steal the Login/Password/OTP data of the
customers.
The use of email by the bank to communicate with its
customers has led to a spate of phishing attacks with
somebody else impersonating the Bank to steal
customers’ personal information and logon credentials.
Owing to this a lot of customers today are afraid of doing
Online Banking and the Banks are unsure whether the
millions of transactions hitting their server everyday are
from genuine Internet Banking customers or from a
fraudster. These reasons create a fundamental barrier for
the bank to effectively utilize the Internet as a banking
service delivery channel.
EXISTING SOLUTIONS
A lot of products such as RSA/Vasco/VeriSign hardware
tokens, Risk-based Authentication, Device Fingerprinting,
PKI client certificates claim to provide a solution to these
problems. But despite having these products:
1. Has the Bank’s business increased?
2. Has the Internet Banking usage increased?
3. Have the Bank’s costs reduced?
4. Have the products really solved the security
problem?
INTERNET BANKING 2.0
What if the Bank could have a technology that:
1. Provided features of an ATM - “branded secure
transaction machine” (except cash dispensing)
2. was simple to use, similar to ATM, hence would
not require any additional customer education –
use your PIN and do banking
3. retained the flexibility of Internet (browser
based) Banking
4. would allow the bank to securely communicate
with the customer, eliminating the use of emails
and other insecure channels
5. would allow the bank to market new products
and services, and that too personalized
6. was based on military grade security technology
(and 2FA enabled)
7. the customers could carry with them in their
pockets!
T
BANKING 2.0: TOWARDS NEXT GENERATION INTERNET BANKING 2
REL-ID TRUBANK 2.0
The REL-ID TruBank 2.0 is a USB-based custom-branded
delivery channel that can be used by banks to offer
services to their customers.
The TruBank 2.0 consists of the following:
1. Custom-branded browser application for
provisioning of various services to the customers.
2. Built-in REL-ID Mutual Authentication Protocol to
create a mutually authenticated secure channel
over the internet.
3. Rel-ID TruToken for 2-factor authentication
4. Dedicated Customer Care Channel for secure
communications with customers.
5. Secure Desktop Technology for protection
against malicious programs on the User’s
machine
6. Secure Transaction Authentication, Verification
and Signing
7. Out-of-Band Authentication using Mobile SMS
One-Time-Password Solution
8. TruSite Website Authentication Technology
REL-ID POCKET BANKING MACHINE FEATURES
1. Branded Secure Browser
a. Look and feel of the TruToken Browser can be completely customized/ personalized.
b. Banks can market new products and services to the customer
c. Banks can securely communicate with the customers (optional chat and messaging tool for sending
account statements etc)
d. Removes the security vulnerabilities like man-in-the-browser attacks of Internet Explorer/FireFox etc.
2. Agile
a. TruBank 2.0 USB form factor provides for maximum mobility
b. Can be totally remotely managed
c. Can be optionally installed on Personal Laptop’s and Home PC’s
3. Uses military grade security technology
a. Built-in multi-factor authentication technology (TruTokenTM
) which is based on REL-ID Mutual
Authentication Protocol (RMAP)
b. Identity credentials (Login-ID/Password/PIN etc) are NOT transmitted over the communication
channel – hence providing protection from the most sophisticated attack vectors like man-in-the-
middle attacks
c. Provides end-to-end encryption over and above SSL
d. Creates a run-time secure desktop environment to protect from Man-on-the-machine/key-logger
attacks
e. Provides transaction signing, verification and authentication features over a separate channel
REL-ID TRUBANK 2.0 BUSINESS BENEFITS
1. Introduces a new channel (a game changer) that combines the best of ATM and internet banking channels
while removing the vulnerabilities and limitations of both
2. Significantly reduces transaction costs
3. Banks can promote new services and products, that too personalized
4. Based on military grade security providing end to end security without compromising on agility
5. Significantly improves customer trust, communication and hence retention
6. No change in user behavior, since using TruBank 2.0 is similar to using an ATM and normal Internet Banking,
hence very little or no customer education required
BANKING 2.0: TOWARDS NEXT GENERATION INTERNET BANKING 3
REL-ID POCKET BANKING MACHINE SCREENSHOTS
TRUBANK 2.0 WITH TRUTOKEN
Secure Customizable Browser
(protects from man-in-the-browser attacks)
Built-in 2FA Mutual Authentication Token
(provides for additional user authentication)
Dedicated Customer Care Channel
(protects from email attacks)
USB Form Factor for mobility
Internet
Bank’s Server
RMAP+SSL Channel
Mutual authenticated connection
(protects from man-in-the-middle
attacks)
Secure Desktop
(protects from
trojans/password
sniffers)
TRUBANK 2.0 WITH INTEGRATED CUSTOMER SERVICE APPLICATION AND SECURE MESSAGING
BANKING 2.0: TOWARDS NEXT GENERATION INTERNET BANKING 4
FUNDAMENTAL BARRIERS OF INTERNET BANKING 1.0
Browser is an universal client unlike an ATM,
hence you cannot brand it, and protect it from
man-in-the-browser programs
You cannot control the processes running on
the OS - Trojans (password sniffers) can read
the login/password/OTP data
Customer PC
Bank’s Server
Internet
Hacker’s Machine
Unauthenticated connection –
resulting in man-in-the-middle
and phishing attacks (making
OTP ineffective)
Transactions cannot be
digitally signed, resulting in
non-repudiation issues
Fraudulent Emails
Start your relationship with us | www.uniken.com | [email protected] | US: +1 (813) 943-3552 | India: +91 (020) 20250003
COPYRIGHT © 2007-09 Uniken Systems Pvt. Ltd. 052009
All rights reserved. No part of this work may be reproduced, stored in a retrieval system, adopted or transmitted in any form or by any means (electronic, mechanical,
photographic, graphic, optic recording or otherwise), translated in any language or computer language, without the prior written permission of Uniken Systems Pvt. Ltd.
Due care has been taken to make this document as accurate as possible. However, Uniken makes no representation or warranties with respect to the contents hereof and
shall not be responsible for any loss or damage caused to the user by the direct or indirect use of this document. Furthermore, Uniken reserves the right to alter, modify
or otherwise change in any manner the content hereof, without obligation of Uniken to notify any person of such revision or changes.
REL-ID, REL-ID Logo, REL-ID Tag Line, TruToken, TruSite are registered trademarks of REL-ID Technologies, Inc. a wholly owned subsidiary of Uniken Business Solutions,
Inc.