Metrobank, one of the largest private banks in the Philippines, has selected IBM to integrate and implement an advanced security solution for its Metrobankdirect, an Internet banking facility.
The agreement, signed in November 2008, will see IBM Internet Security Systems deploy the Two-Factor Authentication (2FA) security solution by which the user provides a second means of identification in order to obtain access to Metrobank's online banking facility. IBM brings its proven project management methodology and technical expertise, integrated with VASCO's authentication token solution and Data Security Systems Solutions' strong authentication and token management solutions for the implementation of this project.
New and changing risks in cyberspace such as identity theft, phishing, pharming, and increasing incidents of fraud caused serious concern for companies doing business over the Internet. Banks and financial institutions, in particular, are common targets and face the challenge of continuously looking for effective measures to safeguard customers' information and electronic transactions.
"Our objective is to have the strongest level of security for online banking without having to complicate the sign-in and user authentication procedures that might drive online users away," said Dennis Suico, Executive Vice President, Metrobank. "As Metrobankdirect Internet banking facility has been gaining popularity, we want to maintain this leadership by ensuring a secure Internet online facility to increase the level of protection for our clients."
With 2FA, Metrobank will be able to strengthen its compliance with BSP Circular 542 on Consumer Protection for Electronic Banking.
Before the security upgrade, Metrobankdirect used single factor-authentication whereby a user is required to enter a customer ID and password to prove the user's real identity. The 2FA will enhance the authentication process by requiring a second means of identification through a security token thereby protecting clients against evolving online banking threats. To date, it is the most suitable level of security in online banking while maintaining a simplified user sign-on procedure.
"IBM has long been a leader in access and identity management and we're expanding that lead with complementary services around the world," explained James Velasquez, Country General Manager, IBM Philippines. "Account fraud and identity theft are frequently the result of exploitation of single-factor authentication. With the 2FA security process, we're securing the bank's assets, minimizing fraudulent transactions and reducing the exposure to online fraud caused by offline phishing attacks and other offline/online credential stealing threats."
The common known threats or vulnerabilities in the banking and financial services sector include Offline Credential Stealing, Online Credential Stealing, Online Communication Channel Tampering, Online Transaction Manipulation, and Online Authorization Redirection.