Financial Services

CITIC Ka Wah Bank: OneKey Two-factor Authentication Solution

Background

In view of the growing acceptance of Internet banking services and sophistication of Internet banking frauds, the banking industry reached a general consensus in 2004 to strengthen the Internet banking security by implementing two-factor authentication. The Hong Kong Monetary Authority (HKMA) endorsed this consensus and issued a circular in June 2004 requesting banks to implement such security measure by June 2005 for high-risk retail Internet banking transactions.

In line with the HKMA's guideline, CITIC Ka Wah Bank (the "Bank") has adopted PCCW Solutions' OneKey - a highly sophisticated and secure authentication service to protect banking customers engaging in online banking transactions.

The technology used in its OneKey Solution will be totally transparent to our customers, yet it can provide our customers with total confidence by frustrating any criminal attempts operating through the Internet. We are confident that this will encourage our customers to transact more via our i-banking services in future.

Lorraine Lam

Executive Vice President and Head of Retail Banking Group CITIC Ka Wah Bank

Challenges

CITIC Ka Wah Bank required a cost-effective solution to tackle the latest Internet banking frauds such as fraudulent bank websites and phishing emails. It has planned for a dual option two-factor authentication, allowing i-banking customers to use either Hongkong Post's e-Cert or SMS-based one-time password for conducting their high-risk online transactions. The Bank was facing a tight implementation deadline to launch the two-factor authentication by June 2005. It required a proven security solution that can be easily and quickly integrated with the Bank's existing i-banking system with minimal customisation efforts. In addition, the security platform must be user-friendly and reliable.

Solutions

PCCW Solutions has helped CITIC Ka Wah Bank to successfully rollout the two-factor authentication service under the tight schedule. With the introduction of OneKey, a PCCW Solutions' self developed authentication solution that employs state-of-the-art security technologies, the Bank's Internet banking customers receive double protection by being assured that not only is their e-Cert verified but that the website they have logged onto is legitimate. OneKey greatly enhances security without compromising performance and ease of use. OneKey serves as a technology overlay to the Bank's existing i-banking platform. It does not, however, access the CITIC Ka Wah Bank's proprietary customer database so customer data privacy is protected.

PCCW Solutions had assisted Hongkong Post with the incorporation of e-Cert into Smart ID card and is familiar with the e-Cert and information security solutions. Our proven expertise makes PCCW Solutions a trusted partner in securing online transactions.

On top of OneKey solution, PCCW Solutions has also provided the necessary hardware and software for CITIC Ka Wah Bank to build the SMS one-time password system with the Bank's SMS Gateway.

Value created

In June 2005, CITIC Ka Wah Bank launched its dual option i-banking two-factor authentication on PCCW Solutions' OneKey platform, allowing banking customers the flexibility and convenience of using either the Hong Kong Post e-Cert or SMS transaction passwords for conducting their online banking transactions in a secure Internet environment. The solution effectively minimises online banking frauds.

The increased peace-of-mind for Internet banking users can be expected to encourage wider adoption of online services of a financial nature, as well as bring benefits in many other areas of life.