Secure banking with two-factor authentication

Thursday, 02 April, 2009

The NSW Teachers Credit Union has upgraded the security of its internet banking facilities with a multi-factor authentication system.

As Teachers Credit Union does not have a physical branch network, its members in NSW, ACT and Northern Territory rely on the internet to access their accounts. Given almost 68% of the credit union’s 150,000 members use internet banking, it’s important for the credit union to secure its services against threats such as phishing, identity theft and online financial fraud.

“Members want the convenience and privacy of online banking with us, and in turn, they expect us to provide the best protection for their online transactions,” says Brad Hedgman, deputy chief executive of Teachers Credit Union. “To retain consumer confidence and loyalty, we must provide them with a convenient and easy way of protecting their online identities.”

As part of a broader online development strategy, the credit union undertook a review of its online security systems. The previous online security solution required members to log on using a simple username/password approach, with CAPTCHA providing a second layer of protection.

The CAPTCHA system generates and grades tests based on distorted text that humans can pass but current computer programs cannot, in order to protect the website against bots. However, the credit union decided that more advanced security was required to strengthen the protection it provides members from future threats.

A comparison of half a dozen security solutions was carried out to review the different options available in the market and determine the best fit for its online needs. Another requirement was integration with the existing Ultradata security software. The credit union ultimately decided to deploy a multi-factor authentication system.

Early in 2007, Teachers Credit Union implemented Australia Post VIP Online Security, an online security platform using VeriSign Identity Protection (VIP) Services. The solution has enabled the credit union to implement two-factor authentication for members’ online banking transactions.

The online security solution is based on open standards, which offers Teachers Credit Union a choice of two-factor credential options from different vendors to distribute to its members. So far, 18,000 one-time password (OTP) security tokens have been successfully rolled out to members for use with the system.

When members log into the Teachers Credit Union website, they still have to go through the process of entering their username and password, as well as the CAPTCHA text. Those members with a two-factor credential will then be prompted for an OTP. Rules are set out for each individual member so those without tokens will not see this additional step.

The system uses a shared authentication network, giving Teachers Credit Union the ability to accept the same authentication credentials as other participating members of VeriSign’s VIP network.

Apart from having greater protection when accessing their online banking accounts, members will also benefit from being able to use their single Teachers Credit Union credential with other VIP network participants in the near future.

Hedgman says the credit union was impressed by the concept of VIP: “We could see a real future with Australia Post VIP Online Security — allowing our members to use their tokens across multiple websites later down the track helps us give our members greater choice, while also providing them with the highest level of security.”

Currently, the credit union gives members the choice of whether they want to use two-factor authentication or not, as well as which form of credential they want to use: security token or SMS-based OTP. Those wanting to use OTPs are provided with a token free of charge.

“We really want our customers to use this new channel as we are the custodian looking after their funds, so we needed to make it easy for them to make that decision,” says Hedgman. “At the end of the day, we will save money by protecting them from online threats, particularly online fraud.”

Since deploying the new system, Teachers Credit Union has seen a noticeable decline in the incidence of online fraud, as well as a decrease in the number of transactional queries made by members.

In the near future, the credit union plans to end its use of CAPTCHA for online banking security, eliminating a further step members have to use each time they log in. According to Hedgman: “Some of our members think we have too much security at the moment, but that will be resolved when we remove CAPTCHA in the second phase of our online development roadmap. I anticipate another wave of two-factor token adoption will be initiated once that happens.”

Long term, the credit union will introduce a transactional rules-based decision system to detect oddities in a member’s spending patterns or where an unusual transaction has occurred.

Related Products

D-Link PowerLine pass-through powerline

The D-Link PowerLine AV2 2000 gigabit pass-through powerline starter kit includes two...

Trend Micro Incorporated XGen endpoint security

The Trend Micro Incorporated XGen endpoint security identifies benign data and known threats. It...

Kingston IronKey D300 managed encrypted USB flash drive

The Kingston IronKey D300 managed encrypted USB flash drive deploys an advanced level of encryption.

  • All content Copyright © 2020 Westwick-Farrow Pty Ltd