Banking Security And Fraud Prevention

CLIENT: Zenith Bank PLC

INDUSTRY: Banking

LOCATION: Nigeria

BUSINESS DRIVER: In order to protect the bank's information assets and ensure confidentiality and integrity of customer information and financial transactions, Zenith Bank needed to add a scalable banking level access security solution layer to existing security controls. The company wanted to move away from the use of vulnerable static passwords that are susceptible to being stolen or used in fraudulent impersonations and social engineering attacks. Zenith Bank opted for a strong authentication solution that supports non-repudiated users transactional activities.

SOLUTION: Zenith Bank engaged the services of MAXUT Consulting to design, recommend and implement a scalable two-factor authentication architecture suitable for a large number of bank staff and 100s of thousands of Online Banking customers. The solution needed to consolidate and protect heterogeneous access points, corporate web, core banking and internet banking applications within a centralized authentication framework. The Bank also required simple to use, low maintenance and cost effective hardware tokens for the large number of end-users. MAXUT Consulting successfully deployed VASCO Identikey Authentication Server solution in a High Availability and Business Continuity Planning (BCP) infrastructure. The platform was integrated with various access and authentication points including Windows logons, Microsoft Active Directory (AD), Remote virtual private network (VPN) and various banking applications. Read more

CLIENT:Jaiz Bank

INDUSTRY: Banking

LOCATION: Nigeria

BUSINESS DRIVER:Jaiz Bank needed to protect online banking customers from identity and payment fraud schemes that lead to account takeover, and the internal banking staff from social engineering risks. Added to these key drivers are expected directives from the apex bank in Nigeria, the Central Bank of Nigeria (CBN) regarding the use of strong authentication by bank employees involved with customer transactions and internal banking information systems. Jaiz Bank planned to be compliant ahead of these critical business needs as well as other security standards such as PCI DSS (Payment Card Industry Data Security Standard) .

SOLUTION: After consultations and an open bidding process, Jaiz Bank engaged the services of MAXUT Consulting Ltd. for a solution that offers a unique combination of user convenience with two-factor authentication and access security. MAXUT designed and implemented a solution that integrated Jaiz Bank's online banking applications with VASCO VACMAN Controller. This back-end solution was supported by DigiPass Go6 hardware tokens that generated one-time passwords (OTP) for over 10,000 online banking customers issued with the tokens. The bank was able to totally eliminate the use of vulnerable static passwords by customers. Read more

CLIENT:Diamond Bank

INDUSTRY: Banking

LOCATION: Nigeria

BUSINESS DRIVER:Diamond Bank needed to protect internal banking staff from identity thefts and social engineering risks. Part of the requirements dictated that any recommended solution must leverage existing internal knowledge of VASCO IAS solution already deployed for customer banking. The bank needed a partner that could deploy a suitable solution and provide software expertise in integrating the two-factor authentication platform with various corporate internal web applications and Oracle FLEXCUBE Universal Banking applications.

SOLUTION: Working with TASK Systems an incumbent and long-term IT partner at Diamond Bank Plc., MAXUT Consulting deployed VASCO IAS for internal bank staff and created a web services module ("DRAXLA") that served as the front-end to various web applications requiring two-factor authentication at the bank. The use of the integration module dramatically reduced the time to integrate current and new web-based applications to the 2FA platform, by abstracting the bank's application developers from the complexity of platform. The approach enables Diamond Bank to be one of the first banks in Nigeria to be compliant well ahead of the deadline, with a subsequent CBN Directive requiring strong authentication by employees with access to Core Banking applications and internal systems. Read more

CLIENT:Zenith Bank PLC

INDUSTRY:Banking

LOCATION: Nigeria

BUSINESS DRIVER:With the uptake of mobile devices by customers and the convenience of mobile banking, Zenith Bank, like many financial institutions, needed to protect its customers from mobile device-specific vulnerabilities in addition to usual cyber threats such as financial malwares, web-based banking Trojans and man in the middle attacks. Securing mobile banking apps has become a critical component of an effective fraud prevention strategy for all financial institutions.

SOLUTION: Based on DigiPass for Apps, a software development security platform from OneSpan, MAXUT helped Zenith Bank to design, and secure its mobile banking apps to protect users from mobile platform vulnerabilities. The platform provides a single framework for user authentication(2FA), transaction and device protection. MAXUT worked with the bank’s software development teams to create a custom mobile authenticator app, and the necessary back-end integration to various banking services applications, processes and chargeback systems, in a first phase of the project. Read more