BMCE, (Banque Commerciale pour le Marché de l'Entreprise), a subsidiary of Crédit Mutuel, a leading banking group in France, has recently developed online banking services named "DOMIPASS". The Bank has chosen XIRING's authentication solutions to secure these services and mitigate against future risk of fraud in remote transactions.

Yves BOHEC, Development Manager at BMCE says, "Our core business is to develop high value-added financial products and services for our corporate customers. Our online services must provide the best functionality and guarantee the highest levels of security."

Christian Le Garnec, Remote Banking Department Manager at BCME says: "Our electronic banking offering is well known on the market, it seemed natural to choose an authentication solution based on the EMV standard. Working with XIRING and worldwide standards enables us to leverage the investments made on the EMV payment system."

The authentication solution is based on a "challenge-response" mechanism, which allows two-factor authentication and provides maximum security for remote banking transactions.

The user enters his ID on the bank's web site and is asked a "challenge". To respond, he inserts his "Domipass Entreprise" smart card in the Xi-sign 4000, enters his four-digit pin code and the "challenge" number. The Xi-Sign reader then displays the "response" to the "challenge": a one-time-password (OTP) generated by the chip. This eight-digit OTP is valid for a single transaction and is used as the final stage of authentication when accessing bank services via the web portal. This system is the best protection against identity theft. XIRING's Xi-Sign 4000 complies with VISA "Dynamic Password Authentication" and MasterCard "Chip Authentication Program".

Nigel Reavley, Manager of the Banking Business Unit at XIRING comments, "A Gartner study recently highlighted the limits of solutions based on static password methods. XIRING's strong authentication solutions secure online banking services by enabling banks to be absolutely certain that the cardholder is present at the time of the transaction and to confirm that he/she is authorised to conduct online banking transactions."

"The use of a dedicated reader, unconnected to the PC, such as the Xi-Sign 4000, leaves no room for online fraud as the one-time-password generated by the reader is valid solely for the transaction in progress. With our solutions, customers can safely conduct online banking transactions."

By adopting a two-factor authentication solution based upon the EMV smart card, banks will build upon the initial investment made in the migration to EMV. As online fraud continues to increase, the adoption of strong authentication is necessary in order to achieve the levels of security expected by online banking users.