LuxTrust’s Strong Customer Authentication services are available in a Strong Authentication as a Service (SaaS) model on multiple devices (from hardware to full mobile). They are delivered from a highly available portal (ORELY) cluster whose nodes are located in Tier IV data centers.
Password Authentication: The Problem
Passwords are no longer sufficient to protect access…
- Easy to guess
- Not detected when stolen
- As the number of online accounts grows, users can no longer manage their passwords:
- 36% use the same password for all their applications*
- 44.9% never change their password*
- 25% know the password of their colleague*
- 23% give their password on demand*
* IT Security – An Empirical Study on the Willingness of People to Communicate Personal Data
… Strong Customer Authentication (aka SCA) is the solution
Strong Customer Authentication (or Multi-factor authentication) is based on the use of two or more elements categorized as:
- knowledge (something only the user knows),
- possession (something only the user possesses), and
- inherence (something the user is)
Two-factor authentication prevents easy access with stolen credentials by requiring a second level of authentication after the user enters their username and password.
LuxTrust Strong Customer Authentication is based on the use of certificates. Access is denied if the certificate it refers to is not in an active state. That mechanism complements mainstream solutions by providing a way to lock access by simply revoking or suspending a user’s certificate.
The services can easily be integrated into existing application environments through the implementation of the SAML protocol. LuxTrust can provide sample libraries to accelerate the implementation process.
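The two decisions described above, validating the SAML assertion returned by the identity portal and refusing the login when the referenced certificate is not active, as an added example written for this page (it is not LuxTrust code or a LuxTrust sample library). The minimal SAML 2.0 Response, the `certSerial` attribute name, the audience URL and the certificate status table are all constructed assumptions; signature verification is assumed to have been done beforehand with an XML-DSig library and is not repeated here.

```python
"""Relying-party checks for a SAML-based strong-authentication login.

Added example, not LuxTrust's code. The response XML, the "certSerial"
attribute and the status table are constructed stand-ins; the XML
signature is assumed to have been verified already.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed stand-in for the identity provider's certificate status
# service: certificate serial -> lifecycle state.
CERT_STATUS = {"1001": "ACTIVE", "1002": "SUSPENDED", "1003": "REVOKED"}

SP_AUDIENCE = "https://sp.example/metadata"  # assumed service-provider entity ID


def build_sample_response(cert_serial="1001", request_id="_req42"):
    """Constructed, minimal SAML 2.0 Response for a sample user 'alice'."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    InResponseTo="{request_id}">
  <saml:Assertion>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>{SP_AUDIENCE}</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="certSerial">
        <saml:AttributeValue>{cert_serial}</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def _utc(stamp):
    """Parse the SAML timestamp format used in the sample (UTC, second precision)."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, expected_request_id, now, audience=SP_AUDIENCE):
    """Return (subject, cert_serial), or raise ValueError naming the failed check."""
    root = ET.fromstring(xml_text)
    # Bind the response to the request we issued: rejects unsolicited or replayed responses.
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo does not match an outstanding request")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion in response")
    cond = assertion.find("saml:Conditions", NS)
    not_before = cond.get("NotBefore") if cond is not None else None
    not_on_or_after = cond.get("NotOnOrAfter") if cond is not None else None
    if not not_before or not not_on_or_after:
        raise ValueError("assertion has no validity window")
    if not (_utc(not_before) <= now < _utc(not_on_or_after)):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        raise ValueError("assertion was issued for a different audience")
    subject = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    serial = None
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == "certSerial":
            serial = attr.findtext("saml:AttributeValue", namespaces=NS)
    if not subject or not serial:
        raise ValueError("assertion carries no subject or certificate reference")
    return subject, serial


def authorize(xml_text, expected_request_id, now, status=CERT_STATUS):
    """Grant access only for a valid assertion whose certificate is ACTIVE."""
    try:
        subject, serial = validate_assertion(xml_text, expected_request_id, now)
    except ValueError as err:
        return "DENY", str(err)
    state = status.get(serial, "UNKNOWN")
    if state != "ACTIVE":
        # Suspending or revoking the certificate locks every service behind this check.
        return "DENY", f"certificate {serial} is {state}"
    return "ALLOW", subject


if __name__ == "__main__":
    at = _utc("2024-05-01T10:02:00Z")
    print(authorize(build_sample_response("1001"), "_req42", at))  # ('ALLOW', 'alice')
    print(authorize(build_sample_response("1002"), "_req42", at))  # suspended -> DENY
```

The certificate-state check sits after assertion validation rather than inside it, so the service provider can log the two outcomes separately: a failed assertion check points at an integration or replay problem, while a denied login on a valid assertion means the user's certificate was deliberately suspended or revoked.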
LuxTrust supports a wide range of user devices, i.e. the “something only the user possesses”. It can be a mobile device (iOS and Android) or a specific hardware device (smart card, chip-based USB key or the LuxTrust Scan device).
When supported by a mobile device or the LuxTrust Scan device, LuxTrust Strong Customer Authentication services are fully compliant with PSD2 SCA and Dynamic Linking requirements.
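What the “Dynamic Linking” requirement mentioned above means in practice, as an added example written for this page (it is not LuxTrust’s scheme and says nothing about how the LuxTrust devices derive their codes): under PSD2 the authentication code for a payment has to be specific to the amount and the payee the payer was shown, so that changing either one invalidates it. The model below uses an HMAC over the transaction details plus a per-transaction challenge; the shared device key, the field layout and the sample payee value are constructed assumptions.

```python
"""Dynamic-linking check for a payment confirmation.

Added example, not LuxTrust's scheme. It models the PSD2 requirement
that an authentication code be bound to the amount and payee shown to
the payer. The device key, field encoding and sample values are
constructed for this illustration.
"""
import hashlib
import hmac
import secrets


def _encode(*fields: bytes) -> bytes:
    """Length-prefix each field so that different splits of the same bytes cannot collide."""
    out = b""
    for field in fields:
        out += len(field).to_bytes(2, "big") + field
    return out


def new_challenge() -> bytes:
    """Fresh per-transaction value: a code for one payment cannot be replayed for another."""
    return secrets.token_bytes(16)


def authentication_code(device_key: bytes, amount: str, payee: str, challenge: bytes) -> str:
    """Code the user's device produces after displaying amount and payee to the user."""
    message = _encode(amount.encode(), payee.encode(), challenge)
    return hmac.new(device_key, message, hashlib.sha256).hexdigest()[:16]


def verify_payment(device_key: bytes, amount: str, payee: str, challenge: bytes, code: str) -> bool:
    """Server side: recompute over the details it is about to execute; constant-time compare."""
    expected = authentication_code(device_key, amount, payee, challenge)
    return hmac.compare_digest(expected, code)


def demo() -> dict:
    """Show that only the exact amount, payee and challenge the code was issued for verify."""
    key = b"constructed-demo-key-not-for-real-use"  # assumption: key shared with the device
    payee = "LU00EXAMPLE0000000000"  # constructed sample payee identifier
    challenge = new_challenge()
    code = authentication_code(key, "100.00", payee, challenge)
    return {
        "genuine": verify_payment(key, "100.00", payee, challenge, code),
        "amount_changed": verify_payment(key, "1000.00", payee, challenge, code),
        "payee_changed": verify_payment(key, "100.00", "LU00TAMPERED000000000", challenge, code),
        "replayed": verify_payment(key, "100.00", payee, new_challenge(), code),
    }


if __name__ == "__main__":
    print(demo())  # genuine True, every tampered or replayed variant False
```

The point of recomputing on the server over the values it will actually execute, rather than trusting the amount and payee echoed back by the client, is that a man-in-the-browser which alters the transaction after the user approved it ends up with a code that no longer verifies.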
- Protection of access to on-line services and personal data to reduce financial and reputation risks related to unauthorized access.
- Need to comply with EU regulations such as:
- Payment Service Directive Version 2 (PSD2), requiring the implementation of strong authentication “each time a payer accesses its payment account online, initiates an electronic payment transaction or carries out any action through a remote channel which may imply a risk of payment fraud or other abuse”.
- General Data Protection Regulation (GDPR) requiring strong protection of personal data.
- Re-authentication can be used as a simple way to express agreement when confirming on-line transactions.
- LuxTrust uses its strong authentication services to protect its own applications.
- LuxTrust strong authentication services are fully compliant with the EU’s latest Payment Service Directive (PSD2 RTS) requirements, including “Dynamic Linking” security measures.
- LuxTrust services are supervised by the “Commission de Surveillance du Secteur Financier” (CSSF), the Luxembourg financial sector regulatory body.
- LuxTrust offers a simple user interface and supports the iOS and Android mobile platforms.
- The authentication services can be easily integrated into an existing application environment (via standard SAML protocol).
- The SaaS-based model relieves you of maintenance tasks such as integrating new authentication means.
- The authentication services are delivered from a Tier IV data center located in Luxembourg.
- LuxTrust strong authentication services leverage the simplicity of the underlying certificate revocation mechanism, providing an easy way to protect multiple on-line services against unauthorized access when one of the secure elements is compromised.
The following diagram illustrates a typical identification and on-boarding process from a workflow point of view.