Central authentication system ČS MEP
Between 2014 and 2018, MONET+, in cooperation with Deloitte (prior to 2016), implemented its authentication system, Multichannel Entry Point (MEP), as the central security component for all processes related to electronic identification and user (especially the bank's client) authentication.
The client's requirements
As part of its digital strategy, Česká spořitelna (ČS) requested a consolidated authentication solution, one which would enable it to develop its own electronic services as well as new online services relating to electronic identification and authentication.
The solution was needed to implement architectural changes in online banking channels by centralizing security services (individual points for the implementation of security operations, security methods and so on).
Key requirements included new security methods for mobile phones (mobile tokens, identified calls and voice biometrics) and the provision of security methods as services, both for internal applications and others outside the control of ČS (pertaining to a partner’s network or a third party).
The solution delivered
MEP was designed to be a robust security solution, enabling the bank to share security functions across applications. It manages the entire life-cycle of the various authentication methods and provides user and technological interfaces for integration with third parties, including closed and open federations.
The solution was based on the CASE authentication system, which implemented support for the life-cycle of the given authentication methods: SMS OTP, user password, one-time activation codes and mobile tokens (CASE mobile). The mobile token was visually and functionally adapted to meet the needs of ČS (as per the George Key app).
Key modules included MEP FS, a robust solution for federated identity services based on the OAuth, OpenID Connect and SAML protocols. Besides featuring integration functions with banking applications and those of third parties, the FS modules provided an interface for method abstraction (the target application is not affected by changes in security methods). The FS solution by MONET+ included delivery of a solution for federated authorization of transactions, the integration of voice biometrics in utility processes (security method operation portal) and the incorporation of web and mobile apps, including an interface to integrate such apps outside of federated protocols.
The benefits delivered by our solution
These included the following: the transfer of security processes (log-in, authorization, signature) from separate business channels to the central identity platform; the central administration of security methods; optimization of operating and maintenance costs; and the development of security methods.
The principles devised by MONET+ in the system’s architecture met the Erste Group's requirements for the George online banking solution, with the possibility of extension to other countries.
The solution consolidated the processes of electronic identification and authorization, including UX / UI principles for web and native applications for PCs and mobile devices.
It constituted a unified identity platform for banking applications and interoperability with third parties, employing federated identity principles/services and the PSD2 integration interface.