End-to-End Fraud Prevention of e-Banking Channels


BANKING 2.0: TOWARDS NEXT GENERATION INTERNET BANKING

EASE OF USE OF ATM WITH THE FLEXIBILITY OF INTERNET BANKING

The economic and competitive environment of today puts increasing pressure on Banks & Financial Institutions (Banks) to increase revenues and reduce costs. This can be done by increasing customer acquisition and providing excellent customer service using cheaper channels. Over the past few decades, technology has transformed the way Banks do business. They operate on a 24x7, 365-day basis. They no longer need physical proximity to reach their customers and can service them in any nook and corner of the world.

The technology revolution of new channels for banking started with the ATM. The convenience of the ATM transformed the cash dispensing aspect of Banks. Internet Banking leveraged the Internet channel to enable the customers to access their bank from the comfort of their homes. The 3 most critical drivers for Internet Banking have been:

1. A channel that still offers the lowest cost per transaction
2. Offering services to customers without any geographical limitations - increasing customer reach
3. On demand Banking – customers are in touch with the bank always at any time of the day

FUNDAMENTAL BARRIERS

As more and more banks offer Internet Banking, the distinction between the services they offer has diminished. Additionally, the Customers’ PC and the Internet have become the favorite hunting grounds for people and organizations with malicious intent to steal the identity and information of the Banks’ customers and commit fraudulent activities.

Unlike an ATM, the browser acts as an Internet Banking channel for any bank, and the Bank has no control over the integrity and security of the browser or the Internet channel. Hence the Bank can neither brand it nor protect its customers from man-in-the-middle and man-in-the-browser programs. Nor can the Bank control the processes running on its Customers’ PC, which can steal the customers’ Login/Password/OTP data.

The use of email by the bank to communicate with its customers has led to a spate of phishing attacks in which somebody else impersonates the Bank to steal customers’ personal information and logon credentials. Owing to this, a lot of customers today are afraid of doing Online Banking, and the Banks are unsure whether the millions of transactions hitting their servers every day are from genuine Internet Banking customers or from a fraudster. These reasons create a fundamental barrier for the bank to effectively utilize the Internet as a banking service delivery channel.

EXISTING SOLUTIONS

A lot of products such as RSA/Vasco/VeriSign hardware tokens, Risk-based Authentication, Device Fingerprinting, and PKI client certificates claim to provide a solution to these problems. But despite having these products:

1. Has the Bank’s business increased?
2. Has the Internet Banking usage increased?
3. Have the Bank’s costs reduced?
4. Have the products really solved the security problem?

INTERNET BANKING 2.0

What if the Bank could have a technology that:

1. Provided features of an ATM - “branded secure transaction machine” (except cash dispensing)
2. was simple to use, similar to ATM, hence would not require any additional customer education – use your PIN and do banking
3. retained the flexibility of Internet (browser based) Banking
4. would allow the bank to securely communicate with the customer, eliminating the use of emails and other insecure channels
5. would allow the bank to market new products and services, and that too personalized
6. was based on military grade security technology (and 2FA enabled)
7. the customers could carry with them in their pockets!


REL-ID TRUBANK 2.0

The REL-ID TruBank 2.0 is a USB-based custom-branded delivery channel that can be used by banks to offer services to their customers.

The TruBank 2.0 consists of the following:

1. Custom-branded browser application for provisioning of various services to the customers.
2. Built-in REL-ID Mutual Authentication Protocol to create a mutually authenticated secure channel over the internet.
3. REL-ID TruToken for 2-factor authentication
4. Dedicated Customer Care Channel for secure communications with customers.
5. Secure Desktop Technology for protection against malicious programs on the User’s machine
6. Secure Transaction Authentication, Verification and Signing
7. Out-of-Band Authentication using Mobile SMS One-Time-Password Solution
8. TruSite Website Authentication Technology

REL-ID POCKET BANKING MACHINE FEATURES

1. Branded Secure Browser
   a. Look and feel of the TruToken Browser can be completely customized/personalized.
   b. Banks can market new products and services to the customer
   c. Banks can securely communicate with the customers (optional chat and messaging tool for sending account statements etc)
   d. Removes the security vulnerabilities like man-in-the-browser attacks of Internet Explorer/Firefox etc.
2. Agile
   a. TruBank 2.0 USB form factor provides for maximum mobility
   b. Can be totally remotely managed
   c. Can be optionally installed on Personal Laptops and Home PCs
3. Uses military grade security technology
   a. Built-in multi-factor authentication technology (TruToken™) which is based on REL-ID Mutual Authentication Protocol (RMAP)
   b. Identity credentials (Login-ID/Password/PIN etc) are NOT transmitted over the communication channel – hence providing protection from the most sophisticated attack vectors like man-in-the-middle attacks
   c. Provides end-to-end encryption over and above SSL
   d. Creates a run-time secure desktop environment to protect from Man-on-the-machine/key-logger attacks
   e. Provides transaction signing, verification and authentication features over a separate channel

REL-ID TRUBANK 2.0 BUSINESS BENEFITS

1. Introduces a new channel (a game changer) that combines the best of ATM and internet banking channels while removing the vulnerabilities and limitations of both
2. Significantly reduces transaction costs
3. Banks can promote new services and products, that too personalized
4. Based on military grade security providing end to end security without compromising on agility
5. Significantly improves customer trust, communication and hence retention
6. No change in user behavior, since using TruBank 2.0 is similar to using an ATM and normal Internet Banking, hence very little or no customer education required


REL-ID POCKET BANKING MACHINE SCREENSHOTS

Figure: TRUBANK 2.0 WITH TRUTOKEN. Diagram labels:

Secure Customizable Browser (protects from man-in-the-browser attacks)
Built-in 2FA Mutual Authentication Token (provides for additional user authentication)
Dedicated Customer Care Channel (protects from email attacks)
USB Form Factor for mobility
Secure Desktop (protects from trojans/password sniffers)
RMAP+SSL Channel over the Internet to the Bank’s Server: mutual authenticated connection (protects from man-in-the-middle attacks)

Figure: TRUBANK 2.0 WITH INTEGRATED CUSTOMER SERVICE APPLICATION AND SECURE MESSAGING


FUNDAMENTAL BARRIERS OF INTERNET BANKING 1.0

Figure: diagram of Customer PC, Internet, Bank’s Server and Hacker’s Machine. Diagram labels:

Browser is a universal client unlike an ATM, hence you cannot brand it, and protect it from man-in-the-browser programs
You cannot control the processes running on the OS - Trojans (password sniffers) can read the login/password/OTP data
Unauthenticated connection – resulting in man-in-the-middle and phishing attacks (making OTP ineffective)
Transactions cannot be digitally signed, resulting in non-repudiation issues
Fraudulent Emails

Start your relationship with us | www.uniken.com | [email protected] | US: +1 (813) 943-3552 | India: +91 (020) 20250003

COPYRIGHT © 2007-09 Uniken Systems Pvt. Ltd. 052009

All rights reserved. No part of this work may be reproduced, stored in a retrieval system, adopted or transmitted in any form or by any means (electronic, mechanical, photographic, graphic, optic recording or otherwise), translated in any language or computer language, without the prior written permission of Uniken Systems Pvt. Ltd.

Due care has been taken to make this document as accurate as possible. However, Uniken makes no representation or warranties with respect to the contents hereof and shall not be responsible for any loss or damage caused to the user by the direct or indirect use of this document. Furthermore, Uniken reserves the right to alter, modify or otherwise change in any manner the content hereof, without obligation of Uniken to notify any person of such revision or changes.

REL-ID, REL-ID Logo, REL-ID Tag Line, TruToken, TruSite are registered trademarks of REL-ID Technologies, Inc. a wholly owned subsidiary of Uniken Business Solutions, Inc.