eIDAS in Practice
10 Years Trust Services Experience in the Banking Sector
Thomas Kopp, Head of IT

Once upon a time

- The 1999/93 EC Directive
- Strong Authentication & Electronic Signature Option Requested by Luxembourg Public and Banking Sectors
- 2009: Accredited as Trust Services Provider in Europe
- 2005: LuxTrust Founded
  - Trusted 3rd Party
  - PPP of 4 Major Banks and Government
  - Cost Sharing for PKI-Based Trust Services Provision
- Monitored by Payment Sector Supervision Body CSSF

Meet the classic request
eSignature-based Trust Services for Online Banking

- Issue EIDs: Admission ticket for the electronic world
  - LCP, NCP, QCP (+) certificates
- Strong Authentication Services
  - Challenge & signed response
- Scalable concept: 1 certificate, any bank
  - Access right management of providers based on end-user certificate SSN
- Simplify usage: Central Signing Server (2008)
  - Renewal made easy & connectivity problem solved
- Common library for unified device support
  - Removing complexity for PKI integrations
- Trusted Time-Stamping Service
  - Preserve signature validity beyond certificate lifetime

Leverage & Extend
Real Time Enrolment & Advanced eSignature Usage

- Simply Use KYC: Delegate registration authority to banks
  - Identification currently possible in approx. 20 RAs
  - Banks can enrol customers instantly
- Online banking enrolment: Get equipped within 30 minutes
  - User Device & EID Provision via Life Registration Service
- Since 2012
- Interoperable AdES Signatures for paperless contracts
  - Plug-tested library for creation, verification and extension of ETSI-conformant eSignatures
- International Trust Alignment
  - TSL not integrated by major vendors: Microsoft, Mozilla, Apple, Oracle, Adobe
- Adoption of National EID Card
  - Broaden user device support

Current Bank Needs
Address augmented threats and adapted service models

- Non-repudiation of engagement: Use transaction signing
  - Use of XAdES manifest signature applied to SEPA documents
- Rapid technology switch: Provide services via trusted cloud
  - SAML v2 and DSS authentication and signature service portal
- Industrialised attacks: Contextual approach
  - The classic PKI card QSCD turns out to be a weak device
- Mobility is key: Signing on tablets
  - Flexible user interfaces based on responsive design
- Paperless office: Save time, money & sign remotely
  - Benefit from legal force of the 910/2014 EU Regulation

Mobile First strategy, a trusted journey
How LuxTrust supported our developments

How to achieve a high level of security combined with clients' trust & a proof environment for online transactions?

- August 2011: Launch BILnet Mobile
- June 2013 / January 2014: Abandonment of Java; Launch new BILnet & QuickBanking; New proof environment & signature policy
- April 2014: Advanced signature on BILnet Mobile
- July 2015: Mobile First, full responsive design

Mobile First strategy, user experience & security

Client benefits:
- a single & unique bank user experience
- any device, anytime, anywhere

Bank benefits:
- higher security
- extended service offer
- differentiation

New transaction possibilities:
- management of credit & debit card limits
- creation & management of transfer beneficiaries
- change of personal data, i.e. address, phone, email
- investment profile & securities account
- security management: transfer limits, authorised countries
- online account opening

Trust Services for Banks
The potential of tailored eIDAS solutions

- Flexible & easy to integrate
- Trusted Cloud
- Any service everywhere
- Mobility is key
- User devices fully managed by LuxTrust
- Real time and simple enrolment based on KYC
- Full solution range from one supplier
- Committed to high quality & availability

LuxTrust Key Facts
Thanks for your attention

Key facts:
- Annual growth of users over 50%
- Validations in over 170 countries

References: Financial institutions