EDB & Encap: Secure internet banking log-in using a mobile telephone
December 2008 by EDB & Encap
Many Norwegian internet banking users currently rely on security calculators to log in to their internet banking accounts. EDB, working in collaboration with the Norwegian technology company Encap, is now launching a new solution for secure log-in using a mobile telephone. The new solution may replace about 3 millions security calculators currently in use in Norway.
"We have recognized that Norwegian banking customers need a secure but simple way to access their internet bank without having to rely on a security code calculator. We have now found a solution that will simplify their everyday use of internet banking", explains Wiljar Nesse of EDB.
An increasing number of Norwegian banks currently use the BankID system for logging in to their internet banks. BankID uses what is known as two-factor authentication. Two-factor authentication uses "something you know" and "something you have" (often termed KNOW and HAVE factors). In practical terms, this normally means using a password and entering a code generated by a security instrument. Until now, banks have only been able to offer their customers security calculators or scratch card codes. These provide a high level of security, but do mean that the customer has to have the relevant security instrument to hand when carrying out authentication.
New services also need authentication
Norwegian banks are very actively involved in launching a number of new services that require authentication. Examples of this include Mobile Banking and the 3-D Secure security protocol to authenticate card transactions carried out over the internet. These services are in demand by customers, who need to be able to use them wherever they are.
Authentication using the mobile telephone
EDB can now offer two-factor authentication based on using a mobile telephone handset. The solution is simple to use, and authentication can be carried out from most models of mobile telephones sold in Norway over the last three years. The solution delivers secure authentication using a mobile telephone, which is something that customers will in practice always have available wherever they are. The Norwegian technology company Encap developed the solution, which is now being made available for Norwegian banks in collaboration with EDB. The solution uses the mobile handset’s Java platform, and therefore operates regardless of which mobile operator the banking customer uses.
Customers of banks that offer the service need to install the new solution on their mobile telephones, but this is a simple task.
Customers make their own choices
Each bank will make its own decision on whether to offer authentication from mobile telephones, and will also decide whether to offer this as an alternative to current solutions or whether it should replace them. One possibility is that internet banking users will be given the choice of which HAVE instrument they wish to use. The new solution satisfies the requirements set by the Norwegian Banks’ Standardisation Office for a HAVE instrument to use with the BankID system.