The Netherlands-based KAS BANK N.V. regularly handles cash transactions ranging up to 25 million Euros and security transactions worth billions. Needless to say, the 200-year-old supplier of investment management, custody, clearing and settlement services is well aware of the growing security risks associated with high-value online transactions. This led to KAS BANK’s ultimate selection of HID Global’s Smart Banking ID solution to provide the highest level of security while meeting customer demands for usability and convenience.
Solutions to defend against future attacks
As banks offer more high-value services online it should come as no surprise that the number and intensity of online attacks continues to grow. The challenge for KAS BANK and all other banks is to economically deploy solutions that balance increased security with customer convenience and that promise to defend against future generations of attacks.
As a leading user of Society for World-wide Interbank Financial Telecommunications (SWIFT) for bank-to-bank interactions, KAS BANK looked first to SWIFTNet to secure its end customer transactions, including those with institutional investors such as pension funds and insurance companies. KAS BANK soon realised however, that SWIFTNet had some disadvantages for end customer-based transactions.
KAS BANK’s customers found the new system inconvenient compared with other Internet-based solutions
Problems with SWIFTNet system
The cost of SWIFTNet proved quite prohibitive. The complex infrastructure was also a burden for KAS BANK and clients as transfers had to be made from dedicated terminals with special network connections and multiple Hardware Security Module (HSM) servers.
KAS BANK’s customers found the new system inconvenient compared with other Internet-based solutions. Moreover, SWIFT required these customers to endure extensive legal and security audit hurdles. Usability was a major concern as users had to physically get up from their desk and walk to a dedicated SWIFTNet terminal. In the end, KAS BANK customers were clamouring for a more cost-effective, user-friendly solution that would secure transfers over the Internet from their users’ PCs rather than dedicated terminals.
HID PKI-based smart card solution
To satisfy their customers’ demands and reduce operating costs, KAS BANK began evaluating alternatives in late 2004. Through Q&I Nederland BV, KAS BANK learned about HID Global which offered a PKI-based smart card solution. HID Global’s Smart Banking ID solution uses asymmetric technology that ensures non-repudiation of all customer transactions.
“Our management felt HID Global offered a perfect solution and a good investment in the future because it delivered the highest level of security available with a reusable infrastructure,” says Johan van der Wal, head of Client Information Management at KAS BANK. “As the market leader, HID Global gave us a feeling that they were the right partner.”
HID Global offered a total solution and could demonstrate the experience and knowledge of its Professional Services team through similar project deployments including a multi-million user deployment at the U.S. Department of Defense. Customer convenience would dramatically increase as well with HID Global’s solution as it allowed users to process transactions from their own desktop and utilised a familiar KAS BANK user interface.
Rejecting token-based solution
KAS BANK also investigated token-based, symmetric key solutions from vendors such as RSA, a division of EMC. However, the Bank was concerned that the token technology could not achieve non-repudiation of transactions because the same password was used to encrypt and decrypt transaction data. The RSA solution offered no guarantee that the key had not been known by an external third party, creating a risk that the bank was sufficiently concerned about.
KAS BANK will soon be leveraging the same HID Global technology to provide their employees with HID Global’s Smart Employee ID solution
“Had we chosen the token-based solution, regulators might have come back to us in two or three years and we would have to change – and lose that investment,” says van der Wal.
HID Global ActivID CMS
The heart of HID Global’s Smart Banking ID solution is HID Global’s ActivID Credential Management System (CMS), which is used to issue and manage the smart cards. The cards are certified to military-grade, providing a very high level of security. The process for issuing cards begins when KAS BANK sends blank smart cards to their customers. Security officers within customer organisations are responsible for enrolling and issuing cards to end users within their respective organisation.
To issue a card, a security officer uses the operator interface of HID Global’s ActivID CMS to generate asymmetric keys and assign a PIN. The customer also signs a contract with KAS BANK accepting responsibility for the issuance and management of smart cards internally within their organisation. Authorised individuals can then process transactions from their desk after logging in with their smart card to any PC with with HID Global’s ActivClient. HID Global’s solution will offer rich features and capabilities.
KAS BANK will soon be leveraging the same HID Global technology to provide their employees with HID Global’s Smart Employee ID solution. With a single smart card, employees can securely access their PC, perform single sign-on (SSO) to applications, securely access the network remotely, sign emails and documents, and complete transactions – and ultimately access secure areas of their building.