From October 21, Sumitomo Mitsui Banking Corporation customers will be able to enjoy the security benefits of two factor authentication solutions. Here, Jan Valcke COO of VASCO Data Security, explains the drivers for the deployment and what other financial institutions can learn from Sumitomo Mitsui Banking Corporation’s experience
Sumitomo Mitsui Banking Corporation (SMBC) is one of the largest financial institutes in the world. It has more than 1,550 branches in Japan and more than 50 affiliate companies worldwide. SMBC is a core company of Sumitomo Mitsui Financial Group (NYSE: SMFG) that offers retail banking, corporate banking (EB “SMAR&TS”) and investment banking, securities, consumer finance, leasing business, ITC etc. SMBC received the award of “Global Bank of the Year 2012” by Project Finance International.
What online security challenges is Japan experiencing?
The number of crimes, fraud cases and incidents on the Internet – such as phishing and man-in-the-middle attacks – is growing very rapidly in Japan. In the last few years, is not just been financial institutes that have been victims, but many other industries and organisations have also been targeted. Against this backdrop of increasing risk to all businesses, SMBC had to consider deploying more sophisticated security measures that would provide more resilience in the event of an attack.
When thinking about a new two factor authentication solution, what were SMBC’s priorities?
Security is always about resilience and convenience. However, ease of use and user friendliness are essential, too. Things that are easy to use, get used; this is imperative when that usage leads to improved security. Furthermore, the solution had to integrate seamlessly with technology investments that had already been made, in order to offer a shared security model with SMBC’s affiliate financial companies. The implementation had to be future-proof and scalable in order to withstand the more advanced and sophisticated attacks we can expect in the future.
WANT TO BUILD A FINANCIAL EMPIRE?
Subscribe to the Global Banking & Finance Review Newsletter for FREE Get Access to Exclusive Reports to Save Time & Money
By using this form you agree with the storage and handling of your data by this website. We Will Not Spam, Rent, or Sell Your Information.
How did SMBC protect against security threats in the past?
Previously, SMBC used another vendor’s solution. However, with future risks in mind, it decided it would now be appropriate to deploy VASCO’s DIGIPASS technology.
What VASCO solution was implemented and why?
SMBC elected to deploy VASCO’s VACMAN Controller, an API-based authentication platform that serves as a backend for DIGIPASS strong authentication and e-signatures. This works in conjunction with VASCO’s DIGIPASS 275 to help secure its retail banking service. Designed to provide an optimal end-user experience, the DIGIPASS 275 is a highly efficient, cost-effective and high-volume solution for any financial organization looking to add strong two-factor authentication to its existing security infrastructure. The bank decided the device offered the optimal balance between user-friendliness, cost-efficiency, security and a rigid defense against financial fraud and man-in-the middle attacks.
Why did SMBC choose solutions from VASCO over other vendors?
VASCO’s track record and legacy of proven solutions in financial institutes all over the world were a decisive factor. Moreover, this solution could be made available to all of the affiliate financial groups.
From a functional perspective, features of the DIGIPASS 275 won SMBC over: the device’s fashionable design, its portability and user-friendliness, made it ideally suited to bank’s customer base.
How long did the implementation take?
The implementation of VASCO’s VACMAN Controller took place within a year and went very smoothly. VASCO’s years of experience of banks and banking systems helped ease the implementation.
How did the bank communicate with its customers to make them aware that they could have a free DIGIPASS?
SMBC used several high profile methods to communicate the news of the free availability of the DIGIPASS 275 to its customers, and how it would benefit them from a security perspective when conducting their banking online. Customers were informed via SBMC’s own website, through national media – including newspapers and magazines about the financial industry – and even through national broadcast media, including the TV news.
What percentage of customers are expected to take up the offer a free DIGIPASS?
It anticipates that all customers will take up the offer of the free device after October 21, when the replacement of the existing security solution will be begin.
Does the bank have any feedback with respect to what its customers think of DIGIPASS and/or two-factor authentication?
As the customers will only start to receive their DIGIPASS device from October 21, it’s too early for customer feedback. However, from an internal perspective, SMBC has already indicated that it is very happy with the DIGIPASS 275: it is portable in the customers’ wallets, design-oriented and a functionally high-evaluated product. Moreover, VASCO’s proven record in successful global rollouts for the financial industry was a plus-point, too. SMBC has a high regard for VASCO’s solutions, so they trust them and depend on them to protect customers both now and when attacks arise in the future.
How does this implementation address security issues currently facing other banks?
While many of the other banks in Japan have implemented the TAN matrix cards to secure their logon, SMBC has implemented the more secure one-time password technology.
What can other banks learn from this implementation?
SMBC has been progressive in several ways. Thanks to VASCO’s DIGIPASS technology, the bank offers the right level of robust protection even against advanced attacks, which can compromise a customer’s security. The sophistication of the VASCO solution hasn’t just impressed other large banks and local banks; it has also come to the attention of financial authorities and even police agencies in Japan. All have been impressed by this progressive security measure taken by SMBC. Moreover, as SMBC is one of the three largest banks in Japan, by distributing the DIGIPASS devices free of charge through their numerous branches, SBMC will be able to provide online protection to many thousands of people.