Strong authentication is becoming essential for online transactions, especially banking. To better secure their accounts and online transactions, Bank of America (BOA) offers its customers strong authentication using a USB security key. NEOWAVE’s Winkeo FIDO2 / U2F key, tested and validated, meets BOA’s requirements in terms of security and user experience.
Strong authentication for sensitive online transactions
Online operations are the target of many and increasing cyber attacks. They affect all organizations, banks and financial institutions being the most targeted.
These have had to adapt in order to provide their customers a sufficient level of security to counter ever more sophisticated cyber attacks. For electronic payments and financial transactions, the establishment of the strong authentication mechanism has therefore become necessary. It provides optimal security guarantees. It has also become mandatory in Europe since September 2019 as part of the Payment Services Directive (PSD2), a European regulation. It forces the entire payments ecosystem (e-merchants, payment service providers and banks) to further secure the sensitive online banking and payments of their customers through the strong authentication process.
What is strong authentication?
The purpose of strong authentication is to enhance the security of online operations and access to accounts. This procedure consists of verifying the identity of the originator by the combination of at least 2 of the following 4 criteria:
– What I know: a password or secret code that only the user knows
– What I have: a physical object that only the customer has (mobile phone, smart card, security key, etc.)
– What I am: a personal characteristic of the client (voice or facial recognition, fingerprint, etc.)
– What I do or know how to do: a behavior
This multi-factor authentication adds an additional layer of security to online services and accounts. The use of a single code received by SMS is no longer sufficient and does not constitute strong authentication. It can be easily intercepted by hackers. Considered unreliable, banks have replaced it with processes allowing strong authentication.
The FIDO USB security key, a robust solution and an improved user experience
For sensitive transfers and online connections, some banks have opted for strong hardware, possession-based authentication, such as a USB security key based on the FIDO protocol. The goal of FIDO authentication standards is to provide a secure and easy login experience. The FIDO standard exploits the mechanism of asymmetric cryptography. It consists of using a private / public key pair. The private key never leaves the device and is effective against phishing and other cyber attacks of the same type.
The security key is used as the second authentication factor, in addition to the login/password as the first factor. The step of the code sent by SMS for authentication is replaced by that of inserting the security key into a USB port. No risk of being hacked since connection to the account is impossible without the security key.
In addition to optimal security, the FIDO USB security key offers a simple and smooth user experience. No software installation on the workstation is necessary. Inserting the key into a USB port followed by pressing the device will be sufficient.
Banking institutions, such as Bank of America, now offer their customers the opportunity to identify themselves and protect their online transactions with a FIDO USB security key. They thus benefit from a strong and secure authentication.
NEOWAVE’s Winkeo FIDO U2F security key meets BOA’s security criteria
The Winkeo FIDO2/U2F security key from NEOWAVE, a company specializing in strong authentication and secure transactions, is 100% Made in France. It complies with European digital security regulations and standards, including PSD2. It obtained the “Cybersecurity Made in Europe” label in June 2021. In addition, it contains a smart card component which has received a security visa from ANSSI, National Agency for Information Systems Security.
The implementation of the FIDO standard on a trusted device guarantees the very high level of security of the Winkeo FIDO2 / U2F key. Tested by BOA, it offers its customers increased protection against fraud, while being easy to use.
Guide to Getting Started and Using the Winkeo FIDO2 / U2F Key from Bank of America: https://authentification-web.fr/tutoriel-fido-u2f-bank-of-america/
The FIDO (Fast IDentity Online) consortium is an international alliance that works to strengthen the security of web access and replace solutions based on one-time password (OTP or One-Time-Password). The FIDO standard is already adopted by world leaders in the Internet, including Google, Amazon, Facebook, Microsoft, Bank of America, Salesforce, WordPress, etc. FIDO is a solution for the future that meets the current challenge of securing web access.
For further information:
Tél : +33 (0)4 42 50 70 05