FIDO is preferred standard for banking transactions

Updated: November 22, 2018

Security specification FIDO, or Fast ID Online, can be a preferred authentication standard for banking transactions, according to Vivek Gupta, CISO at Allahabad Bank, who says it can be integrated internally where a USB token is used, and that some other standards can be set up on internal servers. Gupta has been quoted by Banking Frontiers for a feature on the challenges CISOs face in the current scenario of online threats; use of FIDO is expected to go up. He maintains that use of authenticator apps on mobile phones is on the rise, as they eliminate the need for OTP. “The mobile phone of the user with any suitable authenticator app works as second factor authentication. Evolving standards and protocols such as FIDO for strong authentication, XML-based Security Assertion Markup Language (SAML), OpenID and OAuth2 for exchanging authentication and authorization of data leading to Single Sign On solution will avoid storing multiple credentials in multiple databases. If the single proof of identity or authorization is from a trusted & reliable source, it would improve the security in a substantial manner,” he says.

Asked about several countries having mandated that organizations isolate their networks, separating internet and intranet traffic, he felt the approach is quite prudent and secure as it provides enhanced security, through a clear air gap, not only for the employees but also for the organizations. He explains further: “The likelihood of a security incident is also minimized. However, with use of modern technological solutions like NGFW, Proxy, WAF, Anti APT, DLP, NBA, NAC, etc., in a strictly monitored and controlled manner, there can be limited access to certain sites and corporate emails. Actually, the internet and emails are the main source of security risks, which, if exploited, cause multifarious compromise and damages. Different policies for various network zones and based on type of users should be defined and implemented. Similarly, continuous monitoring and damage control capacities should be developed within the organization. In absence of which, air gap, USB block etc. are really for the betterment of security status.”

– Manoj Agrawal, Group Editor