GPayments, the leading Australian-based authentication and payment solution company, has released a new version of their authentication platform for banks, which supports two factor authentication for Internet banking in addition to 3-D Secure for eCommerce transactions.
GPayments' authentication platform, ActiveAccess, is an Access Control Server (ACS) compliant with Verified by Visa, MasterCard SecureCode and JCB J/Secure authentication protocols. These authentication protocols are designed to reduce the risk of unauthorized use of a cardholder account by authenticating the cardholder attempting to make a purchase online.
Due to the significant increase in phishing attacks globally and the threat to online security, particularly through Internet banking, GPayments has enhanced its authentication platform to support two factor authentication. Two factor authentication is an additional security process that confirms user identities using two distinctive factors – something they know (eg password) and something they have (eg one time number generating device or smart card). The ActiveAccess authentication platform now provides a single platform for authentication of online users, two factor authentication for Internet banking as well as 3-D Secure authentication for eCommerce transactions.
According to Bahram Boutorabi, GPayments' Chairman and founder:
"GPayments is committed to developing and maintaining a lead in the provision of quality online authentication solutions to its banking customers. Our authentication platform, which has been in production since early 2003, already provides a superior solution for Verified by Visa, MasterCard SecureCode and JCB J/Secure. Our clients recognise the increasing threats posed by phishing and identity fraud. Extending GPayments existing bank-grade authentication platform to reduce the risk of exposure was a natural progression.
ActiveAccess has been developed to be device independent, providing a bank with the ability to use a variety of available devices such as one-time password tokens, mobile phones or CHIP-enabled cards.
We have also made the implementation process as simple as possible because we know cost is a major issue. To achieve this, we've developed a simple application to reside with the bank's Internet banking website. This component handles the communication between the Internet banking system and the authentication platform. This makes the integration process simple for the bank. Banks now have a single, cost-effective authentication platform for all of their customers Internet activities."
Features of the new two factor authentication module include:
Single Platform for Authentication
This now solves the problem experienced by a lot of banks about justifying the ROI associated with the implementation of 3-D Secure. ActiveAccess provides banks with a single platform for online authentication thereby reducing the cost of ownership of one solution for Internet banking and one solution for 3-D Secure. By investing in this solution, banks have the option of implementing a two factor authentication solution for Internet banking now, and waiting to implement 3-D Secure in the future or implementing both at the same time. It also means that different banking divisions can share the cost of the solution rather than purchasing two separate solutions.
Device Independent Platform
ActiveAccess provides an abstract platform for two factor authentication. By providing a high level and abstract authentication process, it simplifies integration with a bank’s online environment. It also hides the device specific intricacies of the authentication process. From the bank's point of view, the user experience is exactly the same regardless of the authentication device being used. This allows banks the flexibility of rolling out different types of authentication device across different user groups. Alternatively, users have the ability to choose the type of authentication device they would like to use.
The ActiveAccess two factor authentication module is device agnostic, supporting a wide range of authentication devices. This allows a bank to select their preferred authentication device by weighing up the balance between user preferences and convenience, security and cost. It also allows a bank to change their preferred authentication device in the future without impacting their existing implementation or losing the value of their initial investment.
To integrate two factor authentication into a banks existing online environment, GPayments provides a simple to install User Authentication Client software (UAC). This software manages the messaging between the Internet banking website and ActiveAccess and verifies digitally signed messages. The integration process is very simple and requires relatively low technical knowledge to complete, further reducing the overall cost of implementation of the solution.
Extensive Reporting and Customer Management
Through the web-based administration application, ActiveAccess provides an extensive set of reports, functions and statistics about customer online authentication activity. Reports are generated over time providing banks with feedback on customer trends and allowing the identification of additional opportunities and service provisions. Administration access is role based providing bank staff access to the functions only they require for such tasks as device management for technical staff and customer support management for help desk staff.
Bank Industry Standard Solution
ActiveAccess was initially developed as a banking solution for online authentication of eCommerce transactions. The solution incorporates bank grade security using hardware security modules for secure data encryption and storage. Because of its evolution, ActiveAccess has the level of security expected of this type of Internet security application and required before implementation in banking data centres.