hid-active-id-appliance-for-temenos-connect-digital-channels

ActivID® Authentication Services for Temenos Channels Software Solutions

ActivID® Authentication services provide a complete, versatile authentication solution for banks seeking to easily add authentication, from user name and password to a variety of strong authentication mechanisms. The ActivID Authentication Service adds strategic value by giving banks deploying Temenos Core Banking and Temenos Channels Software Solutions the flexibility to meet current and future needs for a range of user, device and service-channel options. The ActivID Appliance shortens the deployment time with TCIB software, allowing banks to confidently and quickly bring innovative products and services to market across multiple service channels. Securing lower-cost service channels drives economically profitable growth for adopting institutions.

Overview

Temenos Pre-Integrated Features and Capabilities

ActivID® Authentication Services provides secure multi-factor authentication and transaction signing capabilities for banks using Temenos Core Banking and Temenos Channels Software Solution. Pre-configured with Temenos Core Banking for easy deployment ActivID® Authentication Services supports automatic creation of user credentials when new users are added via Temenos Core Banking screens. The management of password lock/unlock and other critical authentication processes can be made directly from Temenos Core Banking admin screens. Banks can track authentication events directly in Temenos Core Banking user views. ActivID® Authentication Services provides secure multi-factor authentication and transaction signing for online banking customers on Temenos Connect Internet Banking.

Strong and Versatile Authentication

The ActivID® Appliance enables organisations to tailor authentication methods to the needs of specific groups of users, providing each with the right balance of security, cost and convenience necessary to meet their business objectives, as well as ensure regulatory compliance and policy adherence. It also supports the broadest range of authentication methods, from strong passwords to certificate-based authentication, including two-factor Oath standards-based hardware tokens, soft tokens, push notification services, device forensics and SMS Out-of Band One-Time Password (OTP) options. With the optional ActivID® Threat Detection Service, the appliance can also transparently protect online transactions from a wide range of threats, including Trojan and man in-the-browser (MitB) attacks. Available as either a software solution, hardware appliance or a virtual appliance, the solution helps to reduce costs with easy installation, worry free tokens that last up to eight years, and simple integration into an organisation’s existing banking infrastructure.

Features

HID Approve™ is a next-generation two-factor authentication solution that combines the security of public key-based cryptography with the convenience of mobile push notifications. HID Approve delivers a simple and secure way for users to authenticate and verify their transactions.

  • Trusted Identity – Assurance that the person taking the digital action is the person authorized to do so
  • Seamless Experience – The user interface is simple, intuitive, and powerful
  • Flexible Policy Customization – Fine grained security policies enable organizations to strike the appropriate balance between security and usability
  • Easy Rebranding – Organizations can easily brand the icon and interface with their own logo and color schemes
  • Robust Security – Security best practices, verified by testing and audits, detect and prevent real-time attacks via the device or the applications

ActivID® One-Time Password (OTP) Tokens from HID Global go beyond simple, static passwords to provide organisations an easy way to increase trust in a user’s identity and grant them appropriate access. When users need a network, system or cloud-based application, they simply use the combination of something they know (e.g. a PIN number) with the randomly generated, one-time password from their OTP Token to gain access.

ActivID One-Time Password (OTP) Hardware Tokens

  • OTP Mini Token: Designed for high-volume deployments, the OTP Mini Token is ideal for consumer and employee authentication, particularly for environments requiring waterproof devices. The OTP Mini Token can also be customized with corporate logos and case colors
  • OTP Flexi Token: This cost-efficient pin pad token that combines high functionality and flexibility with full graphical personalization on both sides of the device.
  • OTP Pocket Token: This portable, durable device is specifically designed for highly mobile users.
  • OTP One Token: Popular for employee authentication, this device features a keypad that provides support for PIN unlock and challenge/response authentication.
  • OTP Keychain Token: Compact and durable, this device’s small form factor makes it exceptionally convenient and portable for employee authentication.
  • OTP Desktop Token: The larger display face and buttons on this device simplify PIN entry and reduce eye strain, making it ideal for home or office use.
  • Any EMV CAP / DPA* compliant chip card with reader

ActivID One-Time Password (OTP) Software Tokens

  • Mobile Soft Token – A user wishing to access a protected resource, such as an internet banking site, uses the Mobile Token App to generate a One-Time Password. The application can be PIN protected. It is licensed per user, and licenses can be used across multiple personal mobile devices. The Mobile Token App is available for all leading mobile devices including Apple® iPhone® and iPad®, Android™, BlackBerry®, and many other Java 2 Platform, Micro Edition (J2ME) -enabled devices.
  • PC Soft Token – A user wishing to access a protected resource, such as a VPN, runs the PC Token to generate a One Time Password. The PC token can be PIN protected. Like the Web Token, the PC Soft Token is licensed per user, and can be reused if the user loses a laptop or leaves the organization. The ActivID PC Token can be easily distributed on a public website or as part of a standard machine build that is set up by IT staff. Users can access the token from the Microsoft® Windows system tray or launch the application from the Windows Start menu.

ActivID DisplayCard Tokens

  • DisplayCard Token: designed to easily enable remote access or consumer authentication to services, such as online banking. Facilitates mobility by allowing users to generate dynamic One-Time Passwords, without needing to use a card reader.
  • Smart DisplayCard Token:combines the security of a Token with public key infrastructure (PKI) features for online authentication in a Smart Card form factor. It’s embedded with a Smart Chip that supports standard Smart Card PKI capabilities, such as email encryption and digital signatures. It supports two user authentication modes: ‘Connected Mode’ for authentication from corporate-issued machines, and ‘Disconnected Mode’ for authentication from a kiosk or mobile device.

ActivID Authentication Services supports two Out of Band (OOB) authentication methods: SMS (Phone) and Email. ActivID delivers a One Time Password (OTP) that is a random number generated by the service and is sent to the customer by SMS or Email through a delivery gateway. Multiple SMS and Email Delivery Gateways can be configured. Users authenticate using the OTPs received on their cell phones or in their Email. These OTPs can be used only once each to authenticate to the channel banking solution.

As well as strong, multi-factor authentication, ActivID Authentication Services supports static credentials including Passwords, PINs, Memorable Facts and Secret Questions. Passwords and PINs are managed by a password policy that defines the constraints, complexity and length of the static credential. ActivID AS can manage multiple concurrent password policies. Static credentials can either be full or partial (seeded) responses.

  • Full − Requires entry of the full credential.
  • Partial − Requires entry of 2 or more characters from the full credential.

HID® Risk Management Solution: HID® Risk Management Solution is a threat and fraud detection solution using a real-time risk profiling technology that protects financial institutions against cybercriminals. It empowers financial institutions to protect transparently their end-users but also to ensure that their corporate data against threats, also known as zero-day threats, that target online and mobile banking, transaction systems and sensitive applications. A combination of evidence based threat detection capabilities, anomaly detection and behavioral biometrics supported by machine learning makes a perfect fit for combating the ever-changing threat landscape of modern banking applications. HID® Risk Management Solution uniquely embeds three different engines (behavioral biometrics, transaction anomaly detection and threat detection) to evaluate the risk in a more comprehensive and precise manner. It quantifies risk level with digital identity sensing technology, a unique set of device fingerprinting and user identification techniques. This makes the solution able to detect with a high level of accuracy a broad range of risks financial organisations are facing.

  • This solution can be deployed on premise or in the cloud, requiring virtually none or very simple integration which makes the deployment easy and fast. In addition, HID® Risk Management Solution provides a comprehensive dashboard helping organisations to improve efficiency by presenting a single view of the general trend of threat as well as the ability to follow specific device, user or session and detect attacks in a timely manner.
  • HID® Risk Management Solution associated with HID® Multi-Factor Authentication portfolio delivers to banks a risk based authentication turnkey solution bringing to the end users enhanced security with optimum user experience.

ActivID Authentication Services facilitates organisations to meet regulatory compliance requirements. Compliance with mandates: Secure Access is a fundamental pillar of mandates, ranging from PSD2 to FFIEC to PCI DSS. In practical terms, this means three things: one, proving that the user is who they claim to be (authentication), two, ensuring that the user’s access to resources and services is limited to that which they are authorised for (authorisation), and; three, keeping a trustworthy record of what the user does (audit). HID Global’s Identity Assurance solutions enable organisations to address all three of these requirements.

  • PSD2
  • FFIEC
  • PCI-DSS
  • GDPR

Resources

Get In Touch