Secure Banking using Digital Signatures
eMudhra helps large Banks in India secure login authentication and fund transfers using Digital Signatures
The Banking regulator in India and the Central Bank – The Reserve Bank of India came out with a detailed study on enabling Public Key Infrastructure and Digital Signature in the Banking System. The report highlighted that the interbank clearing for electronic payment systems used PKI and this constituted over 90% in terms of value of transactions in the year 2012-13.
With increasing cyber frauds, the Reserve Bank of India felt the need to extend Digital Signature usage to end customers of Corporate and Retail Internet Banking since Digital Signatures offer very high security, enable risk containment and provide legal non-repudiation.
Enhancing the security of online Banking transactions and electronic payment systems. Banks must create an authentication environment for password based two factor authentication as well as PKI based system for authentication and transaction verification. Customers must be informed of risks, existing security measures and they must be given a choice to select different methods of authentication that matches their security requirements.*
Banking Security
With increasing transactions taking place over mobile and Internet, the Banking regulator - The Reserve Bank of India felt the need to comprehensively enhance security measures in Online banking to enhance privacy, confidentiality, authenticity and legal non-repudiation wherever required.
Business Needs
Enabling two factor and multi factor authentication for Online Banking using Digital Signatures, One Time Passwords etc based on risk assessment of transactions.
Approach
Deploy an integrated solution for multi factor authentication including Digital Signatures to allow customers to securely login and conduct online transactions.
Digital Signature Technology
The Digital Signature Technology works on the Public Key Infrastructure framework which uses a Cryptographic Key Pair – Private and Public Key for secure access and transmission of Information.
The Public Key Infrastructure framework Is prescribed in a model law provided by UNCITRAL (A United Nations body) for International Trade and Commerce.
Benefits
Banks have reaped significant benefits by implementing digital signature based authentication and fund transfers.
These include:
- Legal non-repudiation thereby reducing frauds
- Enabling enhanced security through the full chain of electronic payments from initiation to settlement
- Offering anywhere, anytime filing of forms for customer onboarding, service requests etc.
- Faster turnaround time, increased employee efficiency, productivity and transparency
- Meeting compliance & regulatory requirements
The Solution
eMudhra being a Licensed Certifying Authority in India and also a PKI solution provider implemented SecurePass– eMudhra Authentication Server to enable Digital Signature based login and fund transfer.
SecurePass is a plug and play authentication server that is implemented in over 45 banks in India across a variety of core banking/ internet banking applications.
SecurePass works on top of the Internet Banking platform to provide digital signature signing and authentication. It works with leading core banking platforms such as Finacle, Flexcube, Bancs etc.
The SecurePass solution provides the following broad modules:
- SecurePass – To authenticate, verify digital signature certificates on real time basis
- Configuration Module - Signature, Encryption & HSM
- Hardware Security Module - FIPS 140-2 level 3 certified physical computing device that safeguards and manages digital keys for strong authentication and provides crypto processing
- emCA – Certificate Authority Solution
- Certificate Issuance - To manage the issuance, revocation of Digital Signature certificates
- Certificate Download - For downloading Digital Certificates from Certifying Authority (CA) as a soft or crypto token
- Certificate Registration - To allow the customer to register their digital signature on the application
SecurePass – Transaction Workflow
