By Maria MacRitchie, Product Marketing Manager Identity and Access Management, HID Global
Losing customers, revenue or brand reputation because of account takeover or any other security breach is not something any bank would wish for. But the threats are not only external. Failing to secure access for your tellers and bank employees can lead to the exposure of sensitive information with the same devastating consequences.
Security starts on the inside of an organization. Employee access and internal processes are the strongest form of defence if they are secure, but the most effective way in for attackers if they are not.
As many banks begin to deploy multi-factor authentication (MFA) to secure workforce access, the usability and ultimate protection provided by various solutions can vary. Here are some suggestions for how to evaluate different options in order to select the one that will protect your sensitive financial systems, data, and endpoint access while providing a flawless experience for your users.
Support for Shared Workstations
Part of a strong security strategy is ensuring that your employees can easily do their jobs without compromising sensitive financial data. With a substantial portion of banks now operating with shared workstations and a shared employee environment, multi-factor authentication that can secure rapid login to any machine, at any time, is critical.
First Bank, a community bank with over 80 branches in the US, has chosen HID’s advanced MFA solution, DigitalPersona™, to bring fluidity across shared workstations and enable their employees to move seamlessly throughout branches – without requiring a password at every workstation. Moreover, First Bank employees have the freedom of logging in with the simple touch of a finger, thanks to the biometric authentication option within the solution.
With numerous workstations throughout the organization, First Bank has significantly reduced time spent on importing credentials from dispersed sources and locations by leveraging DigitalPersona through a centrally located system.
Customizable and Contextual Policies
A best practice for advanced multi-factor authentication in banks is the ability to set appropriate security policies, from the organization level all the way to the solution level, which can be unique to specific locations, departments, and users. With DigitalPersona, financial services organizations can layer the authentication requirements to meet specific use cases, making them more robust when needed.
These customizable authentication options can be easily adjusted by administrators on the fly, and can incorporate a wide selection of devices and authentication methods:
- Multi-protocol smart cards, such as HID Crescendo® (FIDO, PKI, PIV, OATH, Seos® and iCLASS® for converged physical and logical access)
- Security keys, such as HID Crescendo Key Series USB-A and USB-C
- Building access cards
- One-time password tokens
- Bluetooth and NFC devices
- Push authentication
In high-risk banking environments, contextual MFA takes other factors and risks into consideration to determine the right type of authentication needed – for any user at any specific moment. DigitalPersona monitors geographical location and time to detect threats and fraud.
Harmony Across Existing Infrastructure
Financial services organizations tend to be rich in complex systems, multiple banking applications and platforms, which create silos of security infrastructure. HID’s MFA solutions expand across the entire ecosystem: from cards and credentials that secure access to both IT resources and facilities, to cloud-based and on-premise credential management, to on-premise and cloud-based user authentication. Not only does this give banks cross-system versatility and unity across their security infrastructure, but it means they can configure a layered security approach with solutions that support leading standards, such as FIDO, PKI and OATH, in addition to various physical access technologies, such as Seos, iCLASS, MIFARE DESFire and more.
Gesa Credit Union is an example of a financial organization that deployed DigitalPersona as a unified solution to authenticate employee access across all systems, applications, and hardware solutions. They initially used DigitalPersona and HID fingerprint readers for Windows authentication and have since added more applications across their entire organization.
Convergence of Physical and Logical Access
While modern financial services organizations cannot afford to fail in securing access to sensitive systems and data, it is equally vital to protect access to buildings and physical spaces with the same concern. With HID Crescendo, financial institutions can use one simple solution to secure both physical and digital access. HID Crescendo smart cards can act as a converged credential that can be used as a visual identity badge, enabling bank employees to seamlessly access all resources throughout their day, from workstations (private or shared), systems, data, and applications to bank branch or head office buildings and rooms.
About the author: Maria MacRitchie leads the product marketing efforts for the IAM Workforce Authentication solution globally. She has over 15 years of experience with B2B and B2C product, services and marketing communications within the IT and telecom industries. Maria has been with HID for 7 years, holding various communication roles within the Professional Services, PACS Cloud Services and Product Marketing teams.