US Bancorp will use a hardware-token based
authentication service from VeriSign to secure access to commercial
banking services for its customers.
The bank will use VeriSign's Unified Authentication service to
validate and secure interactions with commercial banking customers,
providing them with a secure USB token that they must use when
accessing services online.
The deal is just the latest evidence of renewed interest in
so-called "multifactor" authentication within the banking industry,
which is struggling with an epidemic of sophisticated online
identity theft scams, according to Judy Lin, executive
vice-president for VeriSign's security services.
As part of the programme, US Bancorp will make VeriSign security
tokens available to more than 10,000 commercial banking customers.
Those tokens will hold a digital certificate that identifies the
bearer and will need to be inserted into machines before accessing
web-based commercial banking applications, Lin said.
The Unified Authentication service combines VeriSign-branded
eToken USB authentication devices from Aladdin Knowledge Systems
with a managed validation service that runs on VeriSign's
infrastructure.
It also includes software modules that plug into a bank's
existing back-end infrastructure. Banks can also choose to operate
their own validation server as part of the service, Lin said.
At US Bancorp, the authentication service will be integrated
with existing user directory and identity management technology,
validating interactions between the bank and its customers. A
server operated by VeriSign will handle token validation, but no
customer information will leave US Bancorp's network in the
process, she said.
VeriSign launched the Unified Authentication service in
September as an extension of its Intelligence and ControlSM
Services, which offer businesses network security information and
tools.
User login and permission information resides in the customer's
user directory, but is linked to a unique serial number for a
secure token or other authentication device stored on a VeriSign
server. Login requests by users will be passed to the VeriSign
server, where a stored algorithm will validate that the serial
number of the secure token or the one-time password is valid for
the user requesting access, VeriSign said.
US Bancorp is the eighth largest bank in the US.
The bank is looking into a similar programme for its consumer
banking customers, although such a service would likely forgo use
of USB hardware tokens, which can cost $20 or more each. Instead,
inexpensive solutions such as plastic cards with lists of
single-use passwords could be employed, she said.
Paul Roberts writes for IDG News Service