Using IBM’s Access Management solution with SecurIT’s Versatile Authentication Server allows ING to offer easy re-use of security services for different use cases, to accommodate different methods over time, and to balance risk and cost while meeting the needs of different user communities.
ING decided to revisit its web banking platform, which now serves 1.5 million users. ING used the opportunity to build a new security infrastructure, providing strong Authentication, Transaction Signing and Single Sign-On to new and existing applications. The complementary solution using IBM Tivoli Access Manager and SecurIT TrustBuilder meets current requirements while offering the flexibility to easily adapt to future requirements.
Established through an acquisition in 1998, ING Belgium SA/NV is a banking chain based in Brussels. Through online and telephone channels and nearly 800 branch locations, the bank provides a wide range of financial services to individuals, institutions and small and large enterprises. Its services include retail and private banking, corporate and institutional banking, financial planning, investment banking, asset management and life and non-life insurance. ING Belgium is a subsidiary of global financial entity ING Group NV. It reported EUR 1.2 billion in revenue in 2009.
Objectives and drivers
- CAP-EMV compliance using an Unconnected Card
- SSO for customers within retail & wholesale segments
- Support crossing of customer segments
- Support external hosted applications (outside the ING data center)
- Support employees – branch of the future
- Support newer paradigms: federation, mobile, etc.
- When possible, buy versus build
- Improve security
- Leave the Unisys legacy platform
- Leverage infrastructure, align on Tivoli products
ING decided that their goals were best achieved by the combination of IBM Tivoli Access Manager and SecurIT TrustBuilder. By combining TAMeb with TrustBuilder, they met the objectives identified above, and a real competitive advantage was realized.
- Provide single sign on to both internal and externally hosted banking applications, for retail and wholesale customers and customers who do business in both segments
- Support new authentication and transaction-signing mechanisms compliant with the Europay, MasterCard and Visa and Chip Authentication Program standards, as well as newer paradigms for federation, mobile technologies and more
- Continue leveraging an existing Unisys system for user management
- Easily integrate future branches

At the business level, the solution represents a seamless user experience with a consistent look and feel across all services and channels. All authorized employees can access the same customer data in real time, regardless of which channel the data came from. And customers can now access all of their account data and all available services after providing their personal data only once.
As a second step, ING decided to remove all session access control from its application and hand it over to the TAMeb component, which now exclusively handles session control. ING also offloaded authentication to SecurIT TrustBuilder. Special TrustBuilder connectors have been used, in conjunction with TFIM, to leave the central client repository on the mainframe, thereby achieving efficient reuse of the existing client repository infrastructure. The ING architecture is now ready to easily integrate other web applications accessible from the Internet in future phases.
Benefits for the Customer
ING Belgium simplified and strengthened the authentication mechanisms for its internal and externally hosted banking applications. As a result, the client has reduced:
- The time and cost of changing an authentication mechanism by at least 50 percent
- Development time by 10 to 20 percent by reusing validation features with multiple applications