To improve the speed and efficiency in which financial institutions develop and provide customers secure, trusted mobile banking applications, Entrust, Inc., announces the Entrust IdentityGuard Mobile Software Development Kit (SDK) for today's popular mobile platforms, including Apple, Google Android, RIM BlackBerry and Java.
This easy-to-use security toolkit helps banks transparently embed Entrust's strong authentication technology into an organization's new or existing mobile-banking application.
"When we released Entrust IdentityGuard Mobile in 2010 it was met with much applause and praise," said Entrust President and CEO Bill Conner. "But what we heard from customers is that they found even more value in the ability to embed the technology into their own mobile applications. Entrust listened and now we're providing a software toolkit that brings a new level of transparency, brand consistency and proven security technology to the mobile banking world."
From e-mail communication, social networking, banking, commerce, shopping and personal entertainment, mobile devices have enabled a radical shift in the manner in which organizations can now service their customers. But the growth in mobile devices and the drive to move more services to the mobile channel has also increased incidences of fraud targeting these devices.
"The mobile channel provides an immediacy and persistence of communication that is not possible via traditional channels, including the online channel," said George Tubin, Senior Research Director for TowerGroup, a Corporate Executive Board Company. "The device is virtually always on and always available. But unprecedented growth in the use of mobile applications provides criminal groups a new, lucrative target to use sophisticated fraud techniques to defraud mobile users."
The SDK also will assist financial institutions with deploying stronger authentication for online customer security, a requirement expected to be at the center of upcoming guidance from regulatory agencies of the Federal Financial Institutions Examination Council (FFIEC).
The organization's 2005 guidance took a strong stance in support of the deployment of stronger authentication methods, as well as fraud detection techniques, to protect customer identities and information during online banking transactions. But advances in criminal technology demands stronger guidelines to help stop advanced attacks that target the identities and transactions of consumers and business-banking customers.
Simple, Quick & Secure
The Entrust IdentityGuard Mobile SDK helps financial institutions thwart this threat by enabling them to seamlessly embed strong authentication into an application's mobile session without requiring the user to input a one-time passcode (OTP). This provides a simple and secure approach to protect a user when their password has been compromised.
The toolkit also allows financial institutions to incorporate additional security features into mobile banking applications to enhance security for the online channel, including soft tokens and out-of-band transaction verification capabilities.
"We really feel it's important for banks to ensure there's consistent branding between their website, secure mobile banking application and even branch locations," said Conner. "The net result is a mobile application platform that gives financial institutions an edge over competitors with progressive, cross-channel security features that are simple to use and effective against today's most advanced online fraud threats."
Reduce Costs, Increase End-User Acceptance
Embedding OTP tokens is more cost-effective than purchasing, issuing and deploying hardware tokens because it leverages devices that are already widely deployed — increasing user acceptance. This transparent approach meets mobile user expectations of quick, simple application access and helps application providers build a consistent brand between their mobile application and online presence.
Designed for Developers
For software developers creating mobile applications, security is often a secondary concern yet needed to help comply with regulatory guidelines for the financial industry, such as those provided by the FFIEC. But because of its straightforward APIs, the Entrust IdentityGuard Mobile SDK allows developers to easily design and implement identity-based security into their branded mobile applications without sacrificing usability or transparency for end-user adoption.
The SDK provides a number of capabilities that enables features such as transparent strong mobile authentication, soft token display to address online banking security and out-of-band transaction verification to help defeat advanced fraud attacks such as man-in-the-browser. With support for the most popular platforms, the toolkit delivers a common API framework that allows developers to leverage integration efforts across multiple development environments.
Entrust Secures the Mobile Channel
Entrust IdentityGuard Mobile is a family of identity applications that leverage existing mobile devices for greater authentication security. Proven transaction verification, OTP authentication and Entrust's advanced SDKs are powerful tools in the fight against online and mobile fraud. The platform is a component of Entrust's comprehensive strong authentication and fraud detection solution for retail- and business-banking environments.
Not exclusive to banking environments, Entrust IdentityGuard Mobile may also be used with Entrust IdentityGuard to provide strong authentication for enterprise use, remote access or government initiatives. The application can manage multiple identities on a single device, making it one of the most versatile and easy-to-use soft tokens available on the market today.
Entrust enables organizations to layer security — according to access requirements or the risk of a given transaction — across diverse users and applications. Entrust's authentication capabilities include username and password, IP-geolocation, device, questions and answers, out-of-band one-time passcode (delivered via voice, SMS or e-mail), grid and eGrid cards, digital certificates (in software or on smart cards/USB Tokens) and a range of one-time-passcode tokens, including Entrust IdentityGuard Mobile. Entrust also provides multiple methods of supporting mutual authentication, including picture and caption replay as well as Extended Validation (EV) SSL certificates.