05.2.2018

Know Your Credentials: The Other KYC Requirement

The way people want to interact with their financial providers has changed quickly in the past few years. Now, account holders want control over their funds, and they don’t want to jump through hoops to exert that control. They expect a streamlined customer experience that lets them accomplish their tasks quickly, and there are great rewards to be reaped by institutions able to meet those expectations. For example, according to PwC’s 2017 Digital Banking Consumer Survey, 46 percent of consumers do all their banking online, a percentage that will grow even larger as the first generation of digital natives—those graduating high school around now—enter their adult lives and establish relationships with banks and investment firms.

A delightful customer experience isn’t the only purpose of good identity and access management. Financial firms need to meet Know-Your-Customer (KYC) requirements from many regulatory bodies in order to avoid hefty fines. These institutions may assume that meeting KYC and other regulatory requirements means their sensitive data is safe ¾ but that would be a mistake. Hackers aren’t the only threat to Personally Identifiable Information (PII) and other sensitive data. A financial organization’s own employees can present a danger as well.

Insider threats take many forms. In rare cases, the employee is a thief who has actively sought access to parts of a core system they have no business accessing. In some cases, the employee is an opportunist who borrowed someone else’s credentials for legitimate reasons and then stumbled onto a trove of data that was too tempting to leave alone. But far more often, the employee is an unwitting pawn who’s fallen for a phishing scam or been socially engineered into sharing credentials with a con artist. Yet regardless of an intruder’s motivation or means, the results for the employer are the same: data leakage, brand damage, and regulatory penalties.

How Optimal IdM Helps Financial Organizations Control Access With Ease

Simplicity and flexibility are essential for financial organizations that want to provide easy access for customers and employees while preserving a strong security posture. Optimal IdM helps financial businesses meet these goals with single sign-on, federated identity, LDAP integration and migration, and technology that aids compliance.

Single Sign-On, MFA and Federated Identity

Optimal IdM helps financial firms achieve greater efficiency while lowering costs with single sign-on (SSO). SSO lets users log into multiple systems with one set of credentials. For users, this translates into greater productivity and freedom from the frustration of forgetting passwords. They don’t have to call the help desk for password resets frequently, so IT costs are reduced, and they don’t need to write down or share passwords, so security is improved.

Vendors and employees of subsidiaries and partners also need access to a financial organization’s systems, which is a serious risk unless federated identity is implemented. Federated identity lets a user log into systems across multiple enterprises with a single set of credentials. Administrators can do their work efficiently with a complete user management system that includes a custom entitlements engine and self-service administration capabilities, as well as the ability to log user activities and monitor accounts. Optimal IdM’s Federated Identity solution also supports multi-factor authentication and authorization in the cloud, on-premise, or in a hybrid environment.

Virtual Identity Server

Optimal IdM’s Virtual Identity (VIS) simplifies identity management and gives greater control over which accounts can connect, bind, and search the LDAP directory.

Developed in .NET and easily integrated with SharePoint and MIIS/MLM, VIS increases the ROI on a financial organization’s existing Microsoft investment by enhancing functionality and scalability.

VIS also provides an enhanced application environment that allows businesses to rapidly and easily deploy applications to existing multiple Active Directory forests or directories without extending the AD schema to third-party applications. Multi-forest Active Directory gives organizations a single real-time view of identity data from any data store.

Migrating from one LDAP directory to another is such a complex challenge that many financial institutions don’t consider it possible. VIS easily solves that problem by emulating the old LDAP platform while proxying requests to the new LDAP environment. Financial businesses can make decisions based on what they want to do, not on what their directories will allow.

Active Directory Security and Protection

An LDAP DMZ proxy helps financial companies simplify auditing, compliance and related security issues with at-a-glance answers to questions like who is logged in and when, what changes to data were made and who made them, who was added to administrative groups and when, and more. Keeping track of a user’s activity eases KYC endeavors.

Who has the keys to your kingdom?

Providing access into core systems loaded with PII is risky for every financial firm, from the biggest global brand to the corner credit union. But there’s no way around it; customers expect to manage their funds from mobile devices, employees need to perform their tasks without logging into a multitude of systems, and vendors have to share data without violating regulations or gaining higher levels of privilege than they absolutely need.

Hackers are versatile, and they employ a variety of weapons in their attempts to break into the data stores of financial organizations. But the cheapest and easiest way they can strike gold is by logging onto a system with stolen or scammed credentials. Financial organizations need a strategy for securing their identity and access management because all the perimeter security and intrusion detection in the world won’t protect a business that can’t control its user credentials. Whether a firm locates its assets in the cloud, on-premise, or in a hybrid environment, it needs an IAM solution that is seamless, secure, and compliant.

Experience the Optimal Difference. Optimal is SOC2 compliant and OpenID Connect certified. Contact Optimal IdM today to learn how we can help with your IAM needs.

Tags

  • The database in which all of your organization’s sensitive identity data is stored.
  • A digital ledger in which digital transactions are recorded chronologically and publicly.
  • Securely managing customer identity and profile data, and controlling customer access to applications and services.
  • The means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
  • A legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU.
  • The policy-based centralized orchestration of user identity management and access control.
  • An authentication infrastructure that is built, hosted and managed by a third-party service provider.
  • A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
  • A global provider of innovative and affordable identity access management solutions. 
  • Managing and auditing account and data access by privileged users.
  • Tools and technologies for controlling user access to critical information within an organization.
  • An authentication process that allows a user to access multiple applications with one set of login credentials.