GPayments’ authentication platform, ActiveAccess, is an Access Control Server (ACS) compliant with Verified by Visa, Mastercard SecureCode and JCB J/Secure authentication protocols. These authentication protocols are designed to reduce the risk of unauthorised use of a cardholder account by authenticating the cardholder attempting to make a purchase online.
Due to the significant increase in phishing attacks globally and the threat to online security, particularly through Internet banking, GPayments has enhanced its authentication platform to support two factor authentication. Two factor authentication is an additional security process that confirms user identities using two distinctive factors – something they know (eg password) and something they have (eg one time number generating device or smart card). The ActiveAccess authentication platform now provides a single platform for authentication of online users, two factor authentication for Internet banking as well as 3-D Secure authentication for eCommerce transactions.
According to Bahram Boutorabi, GPayments’ Chairman, founder and CTO:
“GPayments is committed to developing and maintaining a lead in the provision of quality online authentication solutions to its banking customers. Our authentication platform, which has been in production since early 2003, already provides a superior solution for Verified by Visa, Mastercard SecureCode, American Express SafeKey, JCB J/Secure and Diners Club International ProtectBuy. Our clients recognise the increasing threats posed by phishing and identity fraud. Extending GPayments existing bank-grade authentication platform to reduce the risk of exposure was a natural progression.
ActiveAccess has been developed to be device independent, providing a bank with the ability to use a variety of available devices such as one-time password tokens, mobile phones or CHIP-enabled cards.
We have also made the implementation process as simple as possible because we know cost is a major issue. To achieve this, we’ve developed a simple application to reside with the bank’s Internet banking website. This component handles the communication between the Internet banking system and the authentication platform. This makes the integration process simple for the bank.
Banks now have a single, cost-effective authentication platform for all of their customers Internet activities”.
Features of the new two factor authentication module include:
Single Platform for Authentication
This now solves the problem experienced by a lot of banks about justifying the ROI associated with the implementation of 3-D Secure. ActiveAccess provides banks with a single platform for online authentication thereby reducing the cost of ownership of one solution for Internet banking and one solution for 3-D Secure.
By investing in this solution, banks have the option of implementing a two factor authentication solution for Internet banking now, and waiting to implement 3-D Secure in the future or implementing both at the same time. It also means that different banking divisions can share the cost of the solution rather than purchasing two separate solutions.
Device Independent Platform
ActiveAccess provides an abstract platform for two factor authentication. By providing a high level and abstract authentication process, it simplifies integration with a bank’s online environment. It also hides the device specific intricacies of the authentication process.
From the bank’s point of view, the user experience is exactly the same regardless of the authentication device being used. This allows banks the flexibility of rolling out different types of authentication device across different user groups. Alternatively, users have the ability to choose the type of authentication device they would like to use.
The ActiveAccess two factor authentication module is device agnostic, supporting a wide range of authentication devices. This allows a bank to select their preferred authentication device by weighing up the balance between user preferences and convenience, security and cost. It also allows a bank to change their preferred authentication device in the future without impacting their existing implementation or losing the value of their initial investment.
To integrate two factor authentication into a banks existing online environment, GPayments provides a simple to install User Authentication Client software (UAC). This software manages the messaging between the Internet banking website and ActiveAccess and verifies digitally signed messages. The integration process is very simple and requires relatively low technical knowledge to complete, further reducing the overall cost of implementation of the solution.
Extensive Reporting and Customer Management
Through the web-based administration application, ActiveAccess provides an extensive set of reports, functions and statistics about customer online authentication activity. Reports are generated over time providing banks with feedback on customer trends and allowing the identification of additional opportunities and service provisions. Administration access is role based providing bank staff access to the functions only they require for such tasks as device management for technical staff and customer support management for help desk staff.
Bank Industry Standard Solution
ActiveAccess was initially developed as a banking solution for online authentication of eCommerce transactions. The solution incorporates bank grade security using hardware security modules for secure data encryption and storage. Because of its evolution, ActiveAccess has the level of security expected of this type of Internet security application and required before implementation in banking data centres.
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organisation already has. The Web site, however, is bogus and set up only to steal the user’s information.
2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organisations site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.
GPayments Pty Ltd, was founding member of Visa International's 3-D Secure Forum, is a leading provider of 3-D Secure enablement solutions. GPayments has a fully compliant 3-D Secure product suite providing simultaneous support for Verified by Visa, Mastercard SecureCode and JCB J/Secure.
GPayments is a leading provider of authentication and payment solutions. A decade of experience in Internet technology has positioned it as a leader in these fields. It provides solutions for financial institutions (issuers and acquirers), payment gateways and third party processors, merchants and cardholders in many countries around the world. Further information can be found at www.gpayments.com.