Ing Direct Introduces A New Login Process With Strong Authentication For Online Banking, Powered By RSA Security

Published 17th August 2006

Consumers will enjoy visibly-enhanced security as well as behind-the-scenes protection with RSA Adaptive Authentication solution...

August 17, 2006
ING DIRECT announced today that it has launched a new login process using a new security solution for online banking customers. Powered by RSA Security's proven, risk-based authentication and site-to-user authentication solutions, it is designed to protect consumers while they log in to their ING DIRECT accounts - without complicating the login process.

Rudy Wolfs, CIO, ING DIRECT, said: "Our customers have become accustomed to a simple, easy and secure online experience. As new online threats emerge, our new login process is yet another way to boost their confidence online and provide a sense of security, without placing any
burden on the user experience. RSA Security's powerful authentication solution provides us with a full set of tools designed to help protect our customers and to monitor and reduce fraud."

ING DIRECT has taken a proactive approach to security, implementing features such as PIN Guard to further encrypt users' PIN numbers and the RSA FraudAction service, a 24X7 anti-phishing service which was launched in mid-2005. With this new layer of security, ING DIRECT customers get added peace-of-mind that they are on the authentic ING DIRECT website, as well as behind-the-scenes security via real-time authentication, based on their device and additional parameters, as they bank online.

How it works
The enrolment process, which is only required once, is easy and takes only a minute or two. To enrol, ING DIRECT customers select an image from a library of images and create a personal phrase, which they will recognise when logging into their accounts. Then they answer at least
five security questions. After enrolment, when a customer logs in, they will answer two of the security questions and then view their image and phrase so they'll know immediately that it's safe to enter their Login PIN. To make the login experience even easier, users can "register"
their computer. As a result, the next time they login from that computer, they will be automatically recognised, enabling them to skip the security questions and shorten the procedure.

In parallel, behind the scenes, using the customers' own computers as a second factor of authentication, the system provides a positive identification based on device and network forensics, behavioural analysis and other parameters. Then it quickly and transparently scores
transactions according to the perceived level of risk and automatically adds additional security measures such as secret questions or an automated phone call if needed, all with minimal impact to the online banking customer.

With the addition of the RSA Adaptive Authentication solution, ING DIRECT will further leverage its existing membership in the RSA eFraudNetwork community, the world's largest and most effective network for fighting online financial fraud. With membership comprising thousands of financial institutions worldwide, the eFraudNetwork collates some of the best, most up-to-date intelligence from across the globe in real-time, giving financial institutions instantaneous
information and immediate protection.

Chris Young, Senior Vice President and General Manager, Consumer Solutions Division, RSA Security, commented: "A key consideration for financial institutions today is how to secure their customers without incurring a negative impact on the convenience of the online channel.
ING DIRECT is a great example of how this can be achieved. Our state-of-the-art products are designed with both security and usability in mind and they are geared to provide financial institutions with the utmost flexibility to meet their specific needs. They have also been
field-tested by dozens of large financial institutions and tens of millions of online users."