Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


From October 21, Sumitomo Mitsui Banking Corporation customers will be able to enjoy the security benefits of two factor authentication solutions. Here, Jan Valcke COO of VASCO Data Security, explains the drivers for the deployment and what other financial institutions can learn from Sumitomo Mitsui Banking Corporation’s experience

Jan Valcke COO VASCO
Jan Valcke COO VASCO

Sumitomo Mitsui Banking Corporation (SMBC) is one of the largest financial institutes in the world. It has more than 1,550 branches in Japan and more than 50 affiliate companies worldwide. SMBC is a core company of Sumitomo Mitsui Financial Group (NYSE: SMFG) that offers retail banking, corporate banking (EB “SMAR&TS”) and investment banking, securities, consumer finance, leasing business, ITC etc. SMBC received the award of “Global Bank of the Year 2012” by Project Finance International.

What online security challenges is Japan experiencing?
The number of crimes, fraud cases and incidents on the Internet – such as phishing and man-in-the-middle attacks – is growing very rapidly in Japan. In the last few years, is not just been financial institutes that have been victims, but many other industries and organisations have also been targeted. Against this backdrop of increasing risk to all businesses, SMBC had to consider deploying more sophisticated security measures that would provide more resilience in the event of an attack.

When thinking about a new two factor authentication solution, what were SMBC’s priorities?
Security is always about resilience and convenience. However, ease of use and user friendliness are essential, too. Things that are easy to use, get used; this is imperative when that usage leads to improved security. Furthermore, the solution had to integrate seamlessly with technology investments that had already been made, in order to offer a shared security model with SMBC’s affiliate financial companies. The implementation had to be future-proof and scalable in order to withstand the more advanced and sophisticated attacks we can expect in the future.

How did SMBC protect against security threats in the past?
Previously, SMBC used another vendor’s solution. However, with future risks in mind, it decided it would now be appropriate to deploy VASCO’s DIGIPASS technology.

What VASCO solution was implemented and why?
SMBC elected to deploy VASCO’s VACMAN Controller, an API-based authentication platform that serves as a backend for DIGIPASS strong authentication and e-signatures. This works in conjunction with VASCO’s DIGIPASS 275 to help secure its retail banking service. Designed to provide an optimal end-user experience, the DIGIPASS 275 is a highly efficient, cost-effective and high-volume solution for any financial organization looking to add strong two-factor authentication to its existing security infrastructure. The bank decided the device offered the optimal balance between user-friendliness, cost-efficiency, security and a rigid defense against financial fraud and man-in-the middle attacks.

Why did SMBC choose solutions from VASCO over other vendors?
VASCO’s track record and legacy of proven solutions in financial institutes all over the world were a decisive factor. Moreover, this solution could be made available to all of the affiliate financial groups.
From a functional perspective, features of the DIGIPASS 275 won SMBC over: the device’s fashionable design, its portability and user-friendliness, made it ideally suited to bank’s customer base.

How long did the implementation take?
The implementation of VASCO’s VACMAN Controller took place within a year and went very smoothly. VASCO’s years of experience of banks and banking systems helped ease the implementation.

How did the bank communicate with its customers to make them aware that they could have a free DIGIPASS?
SMBC used several high profile methods to communicate the news of the free availability of the DIGIPASS 275 to its customers, and how it would benefit them from a security perspective when conducting their banking online. Customers were informed via SBMC’s own website, through national media – including newspapers and magazines about the financial industry – and even through national broadcast media, including the TV news.

What percentage of customers are expected to take up the offer a free DIGIPASS?
It anticipates that all customers will take up the offer of the free device after October 21, when the replacement of the existing security solution will be begin.

Does the bank have any feedback with respect to what its customers think of DIGIPASS and/or two-factor authentication?
As the customers will only start to receive their DIGIPASS device from October 21, it’s too early for customer feedback. However, from an internal perspective, SMBC has already indicated that it is very happy with the DIGIPASS 275: it is portable in the customers’ wallets, design-oriented and a functionally high-evaluated product. Moreover, VASCO’s proven record in successful global rollouts for the financial industry was a plus-point, too. SMBC has a high regard for VASCO’s solutions, so they trust them and depend on them to protect customers both now and when attacks arise in the future.

How does this implementation address security issues currently facing other banks?
While many of the other banks in Japan have implemented the TAN matrix cards to secure their logon, SMBC has implemented the more secure one-time password technology.

What can other banks learn from this implementation?
SMBC has been progressive in several ways. Thanks to VASCO’s DIGIPASS technology, the bank offers the right level of robust protection even against advanced attacks, which can compromise a customer’s security. The sophistication of the VASCO solution hasn’t just impressed other large banks and local banks; it has also come to the attention of financial authorities and even police agencies in Japan. All have been impressed by this progressive security measure taken by SMBC. Moreover, as SMBC is one of the three largest banks in Japan, by distributing the DIGIPASS devices free of charge through their numerous branches, SBMC will be able to provide online protection to many thousands of people.