Post on 23-Sep-2020


Discover how HID® ActivID Authentication Platform can be used as an IdP solution

An Identity Provider solution for banks


HID ActivID Authentication Platform: the complete IAM solution to become trusted digital identity providers for banks’ customers.

As the financial services industry continues to be reshaped by the Revised Payment Service Directive (PSD2), Open Banking, Anti Money Laundering (AML) and Know Your Customer (KYC), the ability to provide and manage digital identities has become critical for banks to authenticate and enable core digital and online services. With the HID ActivID Authentication Platform, banks can simplify logins, remove complexity from securing transactions, and support any number of customer-centric interactions in the Internet of Things (IoT) economy.


A New Day for Banking

Open Banking signals a shift from the days when financial institutions would hold and manage their customers’ information, to a model where personal information can be shared among organizations. The result promises to be increased financial transparency, greater collaboration across organizations, and offerings tailored to what customers want in an increasingly digital world. Now, banks are able to offer innovative new business models, create more value for customers, and grow their businesses by capitalizing on the data they possess. Further, PSD2 has incentivized banks that offer online-accessible payments to make their customer and account data available to external third-party providers (TPPs).

These TPPs can now use Application Programming Interfaces (APIs) to connect to the bank, access certain amounts of data, and provide services based on that information. For instance, a bank could provide a single view of a customer’s accounts across all of that customer’s financial services providers: credit cards, residential mortgage, retirement accounts and more. Another example: a customer’s smart car can be linked to their banking account to automatically make payments at toll booths, parking garages and gas stations, and to handle other automobile-oriented transactions. To support these types of customer services, however, secure two-way authentication is absolutely critical. In fact, Strong Customer Authentication (SCA) and dynamic linking are key requirements under PSD2, stipulating that a person must be authenticated through multi-factor authentication and that financial transactions must be digitally signed before they can be processed.

The HID ActivID Authentication Platform—Powerful Authentication and Identity Management for the Open Banking Era

HID Global’s ActivID Authentication Platform provides the entire set of capabilities that banks need to become full-service global identity providers, and to develop and deploy any number of value-added offerings based on Open Banking principles. For bank customers, the solution enables convenient, highly secure access to sensitive data on their smartphones, tablets, laptops, and virtually any other device. For third-party providers, it means they can rely on the same authentication methods banks provide in their roles as account servicing payment service providers (ASPSP). TPPs can easily redirect authentication to the bank as the identity provider. Ultimately, as the trusted provider of secure digital identity at the center of the emerging financial ecosystem, the opportunities for banks to innovate new services that will delight customers and lock in their loyalty are endless.


How It Works—Powerful, Secure, Easy

The ActivID Authentication Server supports the broadest range of authentication methods, from strong passwords to certificate-based authentication, including two-factor, OATH standards-based hardware tokens, soft tokens, device forensics, and SMS Out-of-Band One-Time Password (OTP) options. Deployment is simplified through the platform’s pre-integration with major cloud apps, VPN systems, application servers, banking applications and other third-party systems. The ActivID Authentication Server can help to reduce total cost of ownership with easy installation, worry-free tokens that last up to eight years, and simple integration into existing network infrastructure. It’s a proven, enterprise-grade identity and authentication solution with a set of features that make it ideal for banking applications:


• Support for over 15 authentication methods
  - Knowledge-based authentication
  - Multi-factor authentication
    - Software tokens with push-based authentication
    - Hardware tokens
    - Support for FIDO2
    - Out-of-Band Authentication with SMS and email
    - Biometry and more
• Interoperability for easy integration
  - Support for SAMLv2
  - Support for OpenID Connect with Auth Code Flow
  - Additional OpenID Connect grant types available when using API directly
• Customization, localization, and UI accessibility of authentication portal
  - Easy re-branding for quick solution deployment
  - Localization to adapt to the end user’s region
  - Built-in accessibility to enable users with physical disabilities
• OpenID Connect conformance to FAPI and Open Banking security profiles
  - Drive adoption of PSD2 and open APIs
  - Ease security integration between account servicing payment service providers (ASPSP) and third-party providers (TPPs)
• Policy driven, organization-wide authentication with fine-grained authentication policies
• Easily integrates with applications to leverage strong authentication
• Digitally signed and sequenced audit logging and policies
• Secure, highly scalable (from 100s to millions), resilient architecture
• Strong segregation between different user populations with security domains
• Works concurrently with legacy authentication servers for graceful and efficient migration
• Integrates with Active Directory and most standard LDAP, allowing organizations to leverage their existing user repository (can be deployed with internal database when there is no existing LDAP)
• Flexibly allows organizations to generate their own security seed files for hardware token deployments
• Tokens auto-synchronize to improve reliability and security as well as reduce support calls
• Secure real-time transaction authorization for mobile applications to provide government-strength security with consumer ease of use
• Integrates seamlessly with full suite of credential management, middleware, smart card, single sign-on, mobility and physical access control offerings
• Supports consent management for third-party provider applications
  - Prove the user has given consent for the TPP to access their data.
  - Highlight the benefit of user consent being addressed alongside authentication to ensure identity assurance around the consent management

“HID ActivID Authentication Server—The banking solution enabling you to become the trusted global identity provider to your entire customer base in the Open Banking era.”


Why Banks Are The Ideal Identity Providers

Digital identity has become a competitive space in recent years. Online giants such as Google, Facebook and Apple have come to dominate a lot of consumer mindshare around identity with their ubiquitous and convenient single sign-on offerings. Yet while adoption of identity through these Internet brands is broad, customer dedication is not deep. After all, it costs nothing to set up a Gmail account.

Individuals’ relationships with their banks are far different. A bank’s core business is based on trust. Customers rely on their banks not only to keep their money safe, but also to act on their behalf in making payments and settling accounts with third parties, and keeping their private information secure. A Unisys survey of UK citizens found that consumers trust their banks more to keep their private data secure than they do government agencies.

The confluence of Open Banking and emerging IoT business models based on fast, convenient transactions initiated and executed via apps, smartphones and tablets will inevitably require individuals to align themselves with a global identity provider. Banks are ideally positioned to serve in this role for a host of reasons. Under the regulations shaping today’s financial services industry —including KYC, AML and PSD2—banks have to go through in-depth identity verification prior to opening an account with a new customer. They therefore have a complete set of accurate identity information about their customers, in contrast to commodity online services that are free to anyone with a digital device. Consider:

• A global identity provider can only be successful if the user puts trust into it.
• Instant payment capabilities are coming into play in all kinds of new IoT business models – putting banks in the front line for authentication.
• Specialized payment apps and similar lack the core, often longstanding relationships individuals have with their banking providers.

» THE HID ACTIVID AUTHENTICATION PLATFORM POSITIONS BANKS TO BECOME THEIR CUSTOMERS’ GLOBAL IDENTITY PROVIDER. «


Rock Solid Security with HID Risk Management

The ActivID Authentication Platform integrates seamlessly with the HID Risk Management Solution, which enables adaptive step-up authentication and account take-over protection. The HID Risk Management Solution uses machine learning and artificial intelligence to protect online transactions from a wide range of threats, including fraudulent transactions, financial malware and man-in-the-browser (MitB) attacks.

HID Risk Management also supports risk-based advanced authentication, allowing organizations to deploy a highly secure authentication workflow that is transparent to the end user.

For more information, visit: hidglobal.com/products/software/activid/activid-authentication-server


hidglobal.com

© 2020 HID Global Corporation/ASSA ABLOY AB. All rights reserved. HID, HID Global, the HID Blue Brick logo, the Chain Design, ActivID, ActivID Authentication Platform, and OpenID are trademarks or registered trademarks of HID Global or its licensor(s)/supplier(s) in the US and other countries and may not be used without permission. All other trademarks, service marks, and product or service names are trademarks or registered trademarks of their respective owners.

2020-05-12-hid-solution-guide-banking-id-provider-rg-en PLT-05171

An ASSA ABLOY Group brand

North America: +1 512 776 9000 • Toll Free: 1 800 237 7769 Europe, Middle East, Africa: +44 1440 714 850 Asia Pacific: +852 3160 9800 • Latin America: +52 55 9171 1108