Data protection
A two-factor authentification system has been successfully adopted by Mashreq Bank to offer secure online banking for its corporate customers
Mashreq is one of the largest banks in the United Arab Emirates (UAE), and was established more than 40 years ago. The bank has a strong corporate banking presence in the region including Egypt, Qatar and Bahrain, and a further 12 offices in nine countries covering Europe, Asia, Africa and North America. The bank also has a dominant retail position in its local markets – one in every three households in the UAE bank with Mashreq.
The banking industry in the Middle East is flourishing and highly competitive, and Mashreq’s corporate clients expect the latest technological innovations. Specifically, there is a growing demand for online banking capabilities. The Middle Eastern population, however, has historically had a distrust of online security ethods, such as keying in passwords into a browser, and therefore the desire for online banking functionality has created a demand for high levels of security with a simple user experience.
Mashreq needed to deliver high levels of security for online access that customers would trust, and overcome the security challenges inherent with electronic communications. Mashreq opted to trial two factor authentication (2FA) as a potential security solution for its corporate customers. The premise of 2FA relies on the adage ‘something you know, something you have’, and is said to be one of the simplest and most effective methods of achieving password protection and preventing unauthorised access to IT systems.
Users are required to input something they know, such as a PIN, and use something they have, such as a token that generates a onetime password (known as an OTP). The OTP, which works once and only once, can be delivered via a physical token, SMS, or smartcard. Having trialled 2FA for a year, Mashreq customer’s experienced problems with synchronisation and timing-out. Additionally, the administrative burden had been greater than anticipated. Mashreq required a more reliable solution that would easily integrate into its internal processes and most importantly, meet its customer satisfaction goals.
Mashreq selected CRYPTOCard’s 2FA technology, CRYPTO-Shield, with long-life hardware tokens. The bank initially purchased 7500 tokens, phasing out its old token systems as it introduced the new 2FA solution. Each customer is assigned a hardware token, which has a unique ID and barcode, against which the bank uses its software to set financial limits for these customers. “We needed a 2FA solution that could provide highly secure customer access to banking facilities in a simple, user friendly manner. CRYPTOCard demonstrated both the technical capabilities to meet this brief and the flexibility to ensure our unique needs were met,” comments Yasmeen Javaid, divisional manager for Transactional Banking Services, Mashreq.
The tokens are dispatched from Mashreq by person-to-person delivery in tamper-proof packages. Each customer presents valid identification and signs for the package, verifying that it has not been compromised.
Mashreq’s customers have faith in the system since the unique password that the token algorithm creates is highly secure, and the hardware is both robust and reliable. With customer support requirements for token use disappearing, user experience feedback has been very positive. The technology is perceived to be a high-tech and functional tool by Mashreq’s customers wishing to use online banking securely.
In addition, users now have greater confidence in conducting online banking transactions, which in turn brings clear business benefits to Mashreq with regard to client retention and business growth. Furthermore, the hardware tokens carry Mashreq’s corporate branding and are issued in branded leather wallets making them a suitable item for even the highest-level customer to carry.
Continual innovation by CRYPTOCard, with its enhanced features and benefits, allows Mashreq to keep ahead of customer service requirements. These include internal financial requirements, such as auditing, reporting and workflow automation, allowing the bank to scale its online solutions in line with frequently changing requirements, and in a secure manner. “By the time we have identified a new requirement from our 2FA solution, CRYPTOCard have already plugged it,” said Yasmeen Javaid. Mashreq is now in the process of upgrading its 2FA solution to CRYPTOCard’s BlackShield ID, in line with its growing needs. BlackShield ID will provide the bank with additional functionality including reporting, auditing, workflow and simplicity of integration into auxiliary banking applications.
 www.mashreqbank.com (opens a new window) www.cryptocard.com (opens a new window)
|