AIB in major business banking security rollout

5 Jan 2007

Within recent weeks AIB has commenced rolling out electronic transaction signature devices to its tens of thousands of business and corporate banking customers across Ireland and the UK.

It is the first bank in the world to offer corporate customers alphanumeric Digipass transaction signature devices for electronic payments.

The bank has struck a deal with Chicago-based data security firm Vasco to deploy its Digipass 550 device (pictured) across its business banking and corporate clients to ensure that large cash transactions ranging from supplier payments to payrolls are handled securely.

The new devices, which resemble pocket calculators, will come in purple livery and will sport AIB’s logo. The head of e-channel development at AIB Sean Jevens told that the rollout places AIB at the cutting edge of security today.

Vasco’s Digipass 550 is a PIN-protected client authentication device that provides one-time passwords, e-signatures and host authentication.

To access their accounts, AIB customers will be able to use a Digipass-generated, one-time password. Transactions will be secured using elements of the account number and the payment beneficiary’s sort code.

Based on these details the Digipass 550 will generate a transaction data signature which the user must input for validation with Vasco’s Vacman server.

The combination of the Digipass-generated one-time password and transaction signature will protect businesses from phishing and man-in-the-middle hacking attacks.

“Basically, the device generates a one-time code that will guarantee a secure payment that can’t be intercepted. The code cannot be replicated as the system uses a special algorithm,” Jevens explained.

“On the business side this will appeal to companies that make large payments, such as a company paying a large invoice to a supplier. When you’re about to submit the transaction the device generates an electronic signature that authenticates and proves that only you are the person with the right to make that transaction,” Jevers said.

“In order to make payments from a company’s bank account you need to have one of these devices that is unique to you only. You need to know the device’s PIN before it generates a one-time code to allow you to proceed with a transaction. This is the cutting edge of security as it stands in banking today,” Jevers added.

He said that initial rollout of devices to AIB’s tens of thousands of business and corporate banking customers began in December and will continue through 2007.

He said that the system was inherently different from the Code Card used to authenticate account-to-account payments in personal banking as each authentication code was dynamically generated by the device as opposed to featuring static numbers.

By John Kennedy