Logos

Highlights

  • Preventing online banking fraud
  • Supporting high availability and redundancy
  • Controlling costs with virtualization
  • Scaling to meet changing needs cost-effectively

"nCipher NetHSMs delivered double the required performance and met all our compliance objectives. We chose nCipher NetHSMs, and they have performed as exceptionally in the field as they did in testing."

Logos


Stopping fraud in its tracks

Logos, based in Croatia and a member of the Asseco Group, develops, integrates, and implements technology solutions for the financial industry. Two systems Logos developed provide a secure infrastructure for Croatia’s leading banks, Zagrebacka Banka and Privredna Banka Zagreb (PBZ). The banks’ systems comply with Croatian banking regulations and use strong authentication to protect both the banks and their users from fraud.

Strong authentication uses two factors to identify users: something that the user has, such as a smart card, and something that the user knows, such as a PIN. Strong authentication can be achieved in several ways:

  • Zagrebacka Banka chose to employ one-time hardware tokens that provide a dynamic password to use with a PIN.
  • PBZ chose MasterCard’s Chip Authentication Program (CAP), which employs a unique chip in banking cards to create a dynamic password to use with a PIN.

With both systems, users are protected by the 3-D Secure Verified by Visa and MasterCard SecureCode® programs for authenticating internet payments.

The banks’ systems share a critical similarity. Both use hardware security modules (HSMs) to secure communication to the Visa and MasterCard environments and to digitally sign transactions. Additionally, PBZ uses HSMs to securely issue MasterCard CAP cards. HSMs are crucial to protecting against transaction fraud.

“HSMs are the best way to prevent fraud and comply with strict authentication regulations,” says Emir Memic, CIO for Logos. “There’s no question that HSMs are essential to securing processes for the financial industry. But HSMs are not all alike. Industry-leading HSMs deliver security along with performance and scalability.”

Tested and proven

When Zagrebacka Banka and PBZ turned to Logos for assistance deploying online banking technology, Logos wanted to help its clients select the optimal HSM for their systems. Logos developed a list of desired HSM requirements, including FIPS 140-2 Level 3 validation, as required by Croatian banking regulators. But just as importantly, Logos subjected leading HSMs to rigorous performance testing. The nCipher netHSM emerged as the clear winner.

Mr. Memic explains, “We tested the ability of HSMs to execute a variety of encryption functions, such as those used in MasterCard’s CAP or Visa’s 3-D Secure processing. nCipher NetHSMs delivered double the required performance and met all our compliance objectives. We chose nCipher NetHSMs, and they have performed as exceptionally in the field as they did in testing.”

Secure virtualization

In addition to using Thales nCipher HSMs, the systems that Logos built for the two banks employ virtualized servers. With virtualization, multiple applications can run on a single server, minimizing hardware costs and power consumption. The architecture also provides high availability by allowing multiple HSMs to service multiple applications.

Designed to support virtualization, the nCipher netHSMs easily fit into the banks’ IT architecture. When applications require encryption processing or digital signatures, a network-attached netHSM provides the secure environment needed to process the request. Within the banks’ systems, each netHSM is able to serve numerous applications.

According to Mr. Memic, “nCipher netHSMs are ideally suited to virtualization. A single netHSM can support several applications, with multiple HSMs simultaneously accessible to provide redundancy and failover. Adding HSMs and servers is easy, making the systems highly scalable.” 

He adds, “The use of virtualization is increasing throughout the financial services industry. The cost and redundancy advantages are obvious. And with netHSMs, there is no security disadvantage.”

Easy administration 

When Logos implements a new system with nCipher HSMs, it aligns the HSMs to the client’s security procedures. This includes the use of smart cards to enforce the separation of administrative tasks so that sensitive operations must be performed by more than one person. Logos then deploys the nCipher HSMs and trains the client on the smart card-based administration process.

“With nCipher HSMs, maintenance and administration are fast, cost-effective, and highly secure,” says Mr. Memic. “Smart cards control access to administrative functions, and encryption keys are never readable or unencrypted outside the HSM. Even insiders are unable to tamper with the system.”

Eliminating fraud—and fraud-related losses

PBZ, Zagrebacka Banka, and Logos are certainly pleased with the performance, virtualization, and administration advantages of nCipher HSMs, but Logos cites risk mitigation as the most important benefit. While banking-related phishing and other forms of identity theft make headlines across the globe, online banking fraud and fraud-related banking losses are virtually unheard of in Croatia.

“It is an understatement to say that online banking fraud is not a problem in Croatia,” notes Mr. Memic. “I am not aware of a single case of online banking fraud. Not one. Strong authentication prevents fraud and the associated costs. Thales provides the secure environment that makes strong authentication possible and efficient.”
