Co-operative Financial Services (CFS) is a United Kingdom (UK) financial services business for corporate and private individuals. A part of the Co-operative Group, CFS has over 8 million customers and offers a range of financial products including Internet banking. CFS is committed to being an ethical, environmental and community leader and has developed unique ethical policies based on input from members and customers.
Online banking is arguably the most convenient channel for customers to interact with their bank. Online banking has become an increasing way for a bank and its customers to suffer fraud.
CFS realised that strong authentication was essential to secure its Internet banking site. An insecure Internet banking site would be damaging to one of CFS’ greatest assets — the trust in its brand. Any strong authentication solution needed to be easy to deploy, interface with the myriad of CFS’ banking systems and fit into its Service Oriented Architecture. Finally, the solution needed to utilise the bank’s credit and debit cards with Europay, MasterCard and Visa (EMV) chips as the primary authentication method for retail customers.
After extensive research and evaluation, CFS selected HID Global’s ActivID® Appliance for its online banking needs. ActivID delivered the security CFS needed and the convenience its customers demanded.
Online banking increases fraud exposure
When a financial institution offers online banking, the risk of fraud increases. Fraud data in the UK illustrates this point as online banking became mainstream. Reported online banking losses in the UK rose from £23.2m in 2005 to almost £60m in 2009. The reported number of “phishing” attacks, where customers are led to fake bank websites via an email that looks legitimate rose from 1,700 to 51,000 in the same period.
Under this backdrop, CFS saw an increase in fraud attempts and fraud. New attacks could originate from anywhere in the world (as opposed to the traditional in-person or intra-UK telephone fraud efforts).
Customers were increasingly demanding higher standards of security from their card issuer
CFS realized it needed a strong authentication solution that could be rapidly deployed to protect one of its most valuable assets: the CFS brand. In addition, customers were increasingly demanding higher standards of security from their card issuer. CFS also needed a solution that would not impact operations and meet all of the relevant industry regulations, such as PCI compliance. A strong authentication solution that was too complex would inconvenience customers and negatively impact the customer service levels that are core to CFS.
Campaign against fraud
CFS acted quickly and reached out to the marketplace for a solution. After evaluating all options, CFS selected HID Global’s ActivID Appliance to protect their customers and shut down fraud in its online channel.
CFS selected ActivID because it allowed CFS to:
- Provide strong authentication to address user demands for convenience and portability, while simultaneously reducing the cost of deployment and operations
- Streamline compliance via a centralised audit trail for customer transactions across channels and products
- Provide a strong authentication platform for future growth
- Easily interface its new strong authentication solutions to CFS’s legacy bank systems and the Internet Banking solution.
After deploying ActivID, CFS saw fraud levels drop. Once ActivID was deployed, retail banking customers used their existing Visa branded bank cards for online banking. Customers would use a token reader and a challenge and response code, improving the security for the CFS Internet banking site.
The threat of online fraud was mitigated and reduced to a level that was now inline
The threat of online fraud was mitigated and reduced to a level that was now inline with CFS’ internal risk levels. CFS’ approach was vastly more secure than the traditional user name and password approach and dramatically reduced phishing and other typical online attacks. Because the user’s card needed to be present and a Challenge and Response Code generated, it eliminated the traditional types of attacks against retail customers. CFS’ use of its Visa bank cards meant customers enjoyed greater security without needing an additional security form factor, thus delivering convenience to its customers. With almost 1 million people using the system, ActivID has been able to deliver increased security with scalability to allow CFS to provide an optimised user experience. With fraud at a very low level, ActivID met its mission to protect and enhance the CFS brand.
Expanding the use of ActivID within CFS
While CFS’ initial ActivID deployment was for their retail Internet Banking systems, CFS also investigated how to improve the security for their business banking customers. One of the reasons CFS selected HID Global’s ActivID was its usability across banking channels. Because of ActivID’s success in reducing fraud on the retail side, CFS decided to test ActivID’s capabilities and expanded its deployment to protect CFS business banking customers.
Given the nature of corporate networks and mobility of business customers, CFS chose to deploy HID Global’s tokens to generate One Time Passwords (OTP) for authentication for its business customers. Nearly 100,000 CFS business customers use secure tokens to log on to their accounts and for a broad range of sensitive transactions. Business customers now have a greater peace of mind and better security because CFS has eliminated the use of static forms of security (the user name and password) for these customers.
As CFS moves in the future to new channels or service offerings, the existing ActivID deployment can be simply expanded to accommodate whatever functionality CFS chooses. An example of a new service offering could be the addition of mobile banking. If CFS chooses to add mobile banking for retail or business banking customers, the ActivID deployment can be updated to add this channel without the need to expand the existing IT infrastructure. By selecting ActivID, CFS chose the solution that not only provided it with the best return-on investment in the market, but also offered the easiest path for CFS to deploy the newest technologies demanded by its customers.