HDFC Bank implements RSA fraud prevention technology

Source: RSA

RSA, The Security Division of EMC (NYSE: EMC) announced that HDFC Bank, one of India's premier financial institutions, has successfully implemented layered components of the RSA Identity Protection and Verification Suite to provide a comprehensive fraud prevention platform that has protected the bank and its customers from ever-advancing online threats.

The bank's implementation of RSA Adaptive Authentication, RSA FraudAction service and participation in the RSA eFraudNetwork community has helped increase customer confidence, accelerate enhanced online banking features, and significantly reduce phishing attacks.

"Online fraud is a significant threat to organizations and consumers all over the world -- and phishing, pharming and Trojan attacks are increasing in India as online banking becomes more popular. Our customers are also aware of these threats, so we needed to ensure we could offer them a secured platform that can protect their personal credentials and financial assets," said Vishal Salvi, Chief Information Security Officer, HDFC Bank. "Customer satisfaction is our top priority and RSA provided us with the necessary balance of online security and user convenience."

Salvi continued, "We had anticipated a slight drop in the number of customers using online banking services as they got used to the new security measures such as site-to-user authentication, but we didn't see this at all. As a result, our customers have been able to reap the benefits of better security with no impact on their online experience. The fraud prevention platform from RSA has been so effective that the bank has already seen a significant reduction in phishing attacks. And when online attacks are instigated against the bank, RSA is able to quickly respond and shut them down in about five to seven hours to greatly minimize their impact."

HDFC Bank has implemented RSA Adaptive Authentication that includes the visible component of site-to-user authentication to provide its customers with convenient online protection through the use of a personal security image and caption to verify the legitimacy of the bank's website. RSA Adaptive Authentication is designed to help provide HDFC Bank with behind-the-scenes security measures using risk indicators tracked by the RSA Risk Engine that include device identification, behavioral profiling and fraud data from the RSA eFraudNetwork community. In the case of high risk and potential fraud scenarios, HDFC Bank customers are authenticated with challenge questions and out-of-band phone calls to both confirm their transactions and help prevent malware from compromising transactions.

HDFC Bank has also deployed the RSA FraudAction service that is designed to detect, track and shut down phishing, pharming and Trojan attacks perpetrated by online fraudsters. The RSA FraudAction service has shut down more than 150,000 illicit web sites across 140 countries to date. Its fraud analysts operate from the RSA Anti-Fraud Command Center and work 24x7 to shut down web sites hosting online attacks, deploy countermeasures, and conduct extensive forensic work -- reducing the average lifetime of an online attack.

"We were impressed by the solution offered by RSA. As hosted services, RSA FraudAction and RSA Adaptive Authentication were very simple to integrate into our existing infrastructure and were deployed quickly with a minimum investment in resources. This compelling cost effectiveness of the solution was very important to us," said Salvi. "Furthermore, because they are hosted and API-based, RSA Adaptive Authentication and RSA FraudAction have accelerated the route to market for our enhanced online banking security features -- which was much simpler than developing anything like this in our own data center."

The bank also joined the RSA eFraudNetwork community, the industry's first and largest cross-institution, cross-platform online fraud network dedicated to sharing and disseminating real-time information on fraudulent activity. The members include thousands of the world's leading financial institutions, credit and debit card issuers, regional banks and credit unions, major ISPs, health insurers, government agencies and other organizations. The RSA eFraudNetwork community identifies and tracks fraudster profiles, patterns, and behaviors on a 24x7 basis. When an attack is detected against a network member and an active fraud pattern is identified, the fraud data is securely disseminated to all network members, providing protection against the most current online attacks.

Having successfully deployed the layered platform from RSA to combat fraud against online transactions, the bank's next project is to extend this protection to customers' credit and debit card payments. Over time, HDFC Bank is also considering introducing additional security features for its users including the RSA SecurID two-factor authentication system.

"Our measured success at HDFC Bank reflects our proven abilities in protecting against the continuous advancements in online fraud and identity impersonation, as well as our ability to deliver value to our customers that reduces related losses," said Amuleek Bijral, Country Manager, RSA India and SAARC. "We are proud to team with HDFC Bank to boost both the security of its Internet banking systems and the confidence of its customers who now have visible assurances that their identities and assets are more secure."

Comments: (0)