Provident Savings Bank rolls out Open Solutions two-factor authentication module

Source: Open Solutions

Open Solutions Inc (NASDAQ: OPEN), a provider of integrated enabling technologies for community financial institutions in the United States and Canada, announced the release of its Security Matrix Two-Factor Authentication feature, which will be offered to client financial institutions as an optional security add-on to the Internet Banking application (e-Commerce Banker).

Provident Savings Bank, the $1.5 billion wholly owned subsidiary of Provident Financial Holdings, Inc. (NASDAQ: PROV), recently completed its beta test and will begin rolling it out to its customers in April.

"Regulators are requiring all financial institutions to use multifactor authentication, layered security or other controls appropriate to the level of risk by December 2006," said Lil Brunner, CIO, SVP of Provident Savings Bank. "We were excited that Open Solutions developed a solution this quickly. It's very important for us to protect our customers' accounts, and we really feel the need for another layer of protection - especially for Internet banking. We volunteered to test Security Matrix as soon as Open Solutions offered it."

With Security Matrix, online banking consumers receive an additional, true two-factor level of protection when accessing their sensitive account data. Each consumer is issued a wallet-sized card, which contains unique random numbers arranged in a row-and-column format (i.e. a matrix). The online user first enters his or her user name and password in the established manner. The consumer will then be prompted to input a second authentication factor - the digits contained in 3 randomly chosen cells in the matrix. The consumer will enter the data contained in the cell element that corresponds to the prompted coordinates. Once the system verifies that the digits entered are correct, the user is admitted to the online banking portal. This results in more than 59,000 possible combinations to complete a valid authentication.

"We provide our Internet banking customers with a matrix card, and they must have it with them each time they sign on. The matrix card is unique to every customer, and the digits they are required to input changes every time they get to the sign-on screen," Brunner said. "With the Open Solutions Internet banking system offering, only the customer knows the actual matrix values that were issued."

This type of authentication requires limited customer training and, if the card is lost, replacement is easy and inexpensive. Conventional OTP hardware tokens rely on electronics that can fail through physical abuse or defects, but placing the matrix on a wallet-sized card makes it easy to carry. "Customers should protect the card the same way they would protect their debit or credit card," Brunner said.

"With all the new requirements and concern surrounding improved Internet banking user authentication, Open Solutions developed its own two-factor authentication solution," said Mike Nicastro, SVP and CMO of Open Solutions. "We saw the need to move to a two-factor model to help better secure the online banking process as well as help our client financial institutions satisfy their needs for additional security to combat identity theft, phishing and online fraud. The key to our approach is that it securely identifies the user accessing the Internet banking application without requiring the online banking customer to have any new hardware or install new software. This add-on customer protection measure helps financial institutions comply with recent FFIEC guidelines regarding online banking services risk assessment and associated improvements in customer sign-on authentication."

"Financial institutions are entrusted with educating their employees and clients to manage risk," said Louis Hernandez, Jr. chairman and CEO of Open Solutions. "Therefore, they must be equipped with the most advanced technology available to offer secure Internet banking data protection. Open Solutions understands the need to protect this account information, and is continually developing the security tools to support both personal and enterprise-wide risk management strategies. Our approach makes it easier for our financial institutions to implement this added security measure for their online users and further help to promote online application security."

Comments: (0)