In the wake of the recent surge in Internet banking fraud, RBI has issued a series of guidelines for banks. These guidelines aim to stem the rising incidence of cyber fraud affecting banks and their customers. They are also meant to boost the confidence of banking customers and regulators.
The gist of the RBI guidelines
The regulatory authority, RBI, has directed banks to ensure that all web applications are secured against various web security risks. The regulator has insisted on the implementation of the defense-in-depth paradigm. The banks have been asked to implement a series of defensive mechanisms as a layered approach to protect valuable data and information. If one mechanism fails, another steps up immediately to thwart an attack.
Among the slew of measures included, RBI has particularly stressed the implementation of multi-factor authentication (MFA). In the circular, the RBI has insisted on a three-pronged implementation methodology, which includes:
- Something the user knows (e.g., password, PIN)
- Something the user has (e.g., ATM Card number/grid, smart card)
- Something the user is (e.g., biometric characteristics – fingerprint)
The MFA implementation is designed as a strong fraud deterrent and to protect the confidentiality of the customer account and transaction details. It ought to enhance confidence in internet banking by combating various cyber-attack mechanisms like phishing, keylogging, ransomware, spyware/malware, and other internet-based frauds targeted at banks and their customers.
RBI has made the MFA implementation mandatory for all transactions through the internet. The layers of MFA can be graded as per the type of the customer and the magnitude of the funds involved. An authenticated session, together with its encryption protocol, should remain intact throughout the interaction with the customer.
Accops HyID: A perfect solution
Accops HyID aims to safeguard critical business applications from internal and external obfuscation threats. Our solutions provide banks with strong control over organization and customer endpoints, enabling contextual access, device entry control, and a flexible policy framework.
The out-of-the-box MFA is compatible with all modern and legacy apps, both cloud and on-prem. It enables strong authentication based on OTP (delivered via SMS, email, or app), biometrics, device hardware ID, and PKI.
Using our solutions, BFSI organizations can monitor the security posture of their endpoints, including BYOD devices, and grant or deny access based on real-time risk assessment. Our solution can generate alerts if a user's access to any corporate application breaches the set risk thresholds.
HyID provides actionable intelligence, enabling organizations to detect and prevent identity theft and misuse of privileges. Detailed audit logs on who accessed what, when, and how enable compliance with regulatory norms.
Accops BioAuth solution
The Accops BioAuth solution is a biometric authentication server providing fingerprint and face authentication. BioAuth, combined with HyID, can be used to quickly enable biometric-based multi-factor authentication for any corporate application, PC, or laptop.
Organizations can choose between fingerprint and facial authentication, or bring their own fingerprint scanners and use BioAuth to manage biometric data capture, enrollment, identification, and authentication of users. BioAuth's flexible workflow makes the maker-checker process for user onboarding possible in any complex organizational structure. BioAuth provides support for multiple fingerprint readers as well as Microsoft Windows WinBIO. Accops HyID and BioAuth can be used for any corporate application that supports Microsoft Active Directory or the SAML protocol for authentication.
Accops ZTNA solution
Accops HySecure is a cutting-edge Zero Trust Network Access (ZTNA) gateway solution that revolutionizes the security landscape for the BFSI sector. It allows financial institutions to enforce strict access controls based on user identity, device posture, and other contextual factors, reducing the risk of unauthorized access and data breaches. By adopting ZTNA, banks and insurance companies can strengthen their security posture, comply with industry regulations, and gain a competitive edge in the dynamic financial landscape.
Conclusion
Accops HyID and BioAuth solutions are designed to help banks meet the RBI guidelines for MFA implementation. Accops ZTNA is a powerful solution that enhances data protection, reduces the attack surface, and provides a seamless user experience. With solutions designed by Accops, a Make-in-India champion, cooperative banks can achieve compliance in no time.