Sydney, 5 April, 2005: GPayments, the leading
Australian-based authentication and payment solution company, has released a
new version of their authentication platform for banks, which supports two
factor authentication for Internet banking in addition to 3-D Secure for
eCommerce transactions.
GPayments’ authentication platform, ActiveAccess, is an Access
Control Server (ACS) compliant with Verified by Visa, MasterCard SecureCode and
JCB J/Secure authentication protocols. These authentication protocols are
designed to reduce the risk of unauthorized use of a cardholder account by
authenticating the cardholder attempting to make a purchase online.
Due to the significant increase in phishing attacks globally
and the threat to online security, particularly through Internet banking,
GPayments has enhanced its authentication platform to support two factor
authentication. Two factor
authentication is an additional security process that confirms user identities
using two distinctive factors – something they know (eg password) and something
they have (eg one time number generating device or smart card). The
ActiveAccess authentication platform now provides a single platform for
authentication of online users, two factor authentication for Internet banking
as well as 3-D Secure authentication for eCommerce transactions.
According to Bahram Boutorabi, GPayments’ Chairman and founder:
“GPayments is
committed to developing and maintaining a lead in the provision of quality
online authentication solutions to its banking customers. Our authentication
platform, which has been in production since early 2003, already provides a superior
solution for Verified by Visa, MasterCard SecureCode and JCB J/Secure. Our
clients recognise the increasing threats posed by phishing and identity fraud. Extending
GPayments existing bank-grade authentication platform to reduce the risk of
exposure was a natural progression.
ActiveAccess has
been developed to be device independent, providing a bank with the ability to
use a variety of available devices such as one-time password tokens, mobile
phones or CHIP-enabled cards.
We have also made
the implementation process as simple as possible because we know cost is a
major issue. To achieve this, we’ve developed a simple application to reside
with the bank’s Internet banking website. This component handles the
communication between the Internet banking system and the authentication
platform. This makes the integration process simple for the bank.
Banks now have a
single, cost-effective authentication platform for all of their customers
Internet activities”.
Features of the new two factor authentication module include:
Single Platform for Authentication
This now solves the
problem experienced by a lot of banks about justifying the ROI associated with
the implementation of 3-D Secure. ActiveAccess provides banks with a single
platform for online authentication thereby reducing the cost of ownership of
one solution for Internet banking and one solution for 3-D Secure.
By investing in this
solution, banks have the option of implementing a two factor authentication
solution for Internet banking now, and waiting to implement 3-D Secure in the
future or implementing both at the same time. It also means that different
banking divisions can share the cost of the solution rather than purchasing two
separate solutions.
Device Independent
Platform
ActiveAccess provides an abstract platform for
two factor authentication. By providing a high level and abstract
authentication process, it simplifies integration with a bank’s online
environment. It also hides the device specific intricacies of the
authentication process.
From the bank’s point of view, the user
experience is exactly the same regardless of the authentication device being
used. This allows banks the flexibility of rolling out different types of
authentication device across different user groups. Alternatively, users have
the ability to choose the type of authentication device they would like to use.
The ActiveAccess two factor authentication
module is device agnostic, supporting a wide range of authentication devices.
This allows a bank to select their preferred authentication device by weighing
up the balance between user preferences and convenience, security and cost. It
also allows a bank to change their preferred authentication device in the
future without impacting their existing implementation or losing the value of
their initial investment.
To integrate two factor authentication
into a banks existing online environment, GPayments provides a simple to
install User Authentication Client software (UAC). This software manages the
messaging between the Internet banking website and ActiveAccess and verifies
digitally signed messages. The integration process is very simple and requires
relatively low technical knowledge to complete, further reducing the overall
cost of implementation of the solution.
Extensive Reporting and Customer
Management
Through
the web-based administration application, ActiveAccess provides an extensive
set of reports, functions and statistics about customer online authentication
activity. Reports are generated over time providing banks with feedback on
customer trends and allowing the identification of additional opportunities and
service provisions. Administration access is role based providing bank staff access
to the functions only they require for such tasks as device management for
technical staff and customer support management for help desk staff.
Bank Industry
Standard Solution
ENDS
Phishing
The act of sending an e-mail to a user falsely
claiming to be an established legitimate enterprise in an attempt to scam the
user into surrendering private information that will be used for identity
theft. The e-mail directs the user to visit a Web site where they are
asked to update personal information, such as passwords and credit card, social
security, and bank account numbers, that the legitimate organization already
has. The Web site, however, is bogus and set up only to steal the user’s
information.
2003 saw the proliferation of a phishing scam in which users
received e-mails supposedly from eBay claiming that the user’s account was
about to be suspended unless he clicked on the provided link and updated the
credit card information that the genuine eBay already had. Because it is
relatively simple to make a Web site look like a legitimate organizations site
by mimicking the HTML
code, the scam counted on
people being tricked into thinking they were actually being contacted by eBay
and were subsequently going to eBay’s site to update their account information.
By spamming large groups of people, the “phisher” counted on the e-mail being
read by a percentage of people who actually had listed credit card numbers with
eBay legitimately.
Reference: www.webopedia.com/TERM/P/phishing.html
GPayments Pty Ltd, was founding member of Visa
International's 3-D Secure Forum, is a leading provider of 3-D Secure
enablement solutions. GPayments has a fully compliant 3-D Secure product suite
providing simultaneous support for Verified by Visa, MasterCard SecureCode and
JCB J/Secure.
GPayments is a leading provider of authentication and payment
solutions. A decade of experience in Internet technology has positioned it as a
leader in these fields. It provides solutions for financial institutions
(issuers and acquirers), payment gateways and third party processors, merchants
and cardholders in many countries around the world. Further information can be
found at www.gpayments.com.
sales@gpayments.com