An integrated solution for centralized access, authentication and authorization across all digital channels and applications including federated identity for third-party applications access.
The client's requirements
The client requested an integrated solution for unified access, as well as electronic identification across electronic channels and applications, incl. authenticated access to and from third party applications.
The project’s objectives included requirements for:
- Unified identification of customers for online banking services; incl. unified client service processes
- A security component for use across electronic services (a security method permitting integration in various online and mobile banking channels)
- A unified security platform, enabling the bank to make strategic partnerships with third parties
The solution delivered
The project by MONET+ for ČSOB was implemented in 2017, and development continues on it to the present day. It comprises our Multichannel Entry Point (MEP) authentication system as the central security component for all processes related to electronic identification and authentication of users, based on the principles of federated services and identity federation.
MEP constitutes a security solution, hence it permits the bank to share security functions across applications; it manages the entire life cycle of the given authentication methods, and creates user and technological interfaces for integration with third parties (incl. closed and open federations).
Its key modules are MEP FS solutions for identity federation on the basis of OAuth and OpenID Connect protocols and integration in web and mobile apps, incl. interfaces for integrating applications outside of federation protocols.
Our solution, based on the CASE authentication server, provides support for the validity of the following authentication methods: mobile tokens (ČSOB Smart key), SMS OTP, passwords and offline one-time activation codes.
The MEP system permits extensions to cover modules for third party administration and their application in the context of PSD2 services.
The benefits delivered
The solution transferred old security processes (login, authorization, signature) from different business channels, to a single central identity platform. Other benefits include central administration of security methods, optimization of operating and maintenance costs, and the development of security methods.
Consolidation was conducted of electronic identification, authentication and authorization processes as a single solution, incl. UX / UI principles for web and native applications for PCs or mobile devices.
The unified identity platform for banking applications and interoperability with third parties respected the principles of identity federations or the use of PSD2 services and an integration interface.
(Methods of Client Authentication)