|
Having an online trading portal requires bracing up for a host of security threats especially phishing and hacking. Bajaj Capital mitigated these risks effectively by using RSA’s two-factor authentication solution on its trading portal justtrade.in
With the rising interest in equity among Indian citizens, there has been a substantial rise in the number of websites offering online financial services. However, while the Internet has seen a rise in the number of online transactions, it has also simultaneously witnessed crimes associated with these transactions. Hackers have become more sophisticated, having moved from hacking mere e-mail accounts to compromising online financial accounts.
Phishing and man-in-the-middle attacks have seen a steep rise over the last two years and pose a major security challenge for financial organizations, both large and small. With these organizations extending most of their financial services to customers over the Internet, it has become imperative for them to have the necessary protective mechanisms in place.
Bajaj Capital is one such organization. A leading investment advisory and financial planning company, the company has a nationwide presence with its services being used by a range of private and institutional investors. It launched its online investment and brokerage services portal called justtrade.in in 2008. To ensure protection to its customers, the company deployed a range of security measures such as firewalls, intrusion detection and password encryption technologies.
Vinesh Menon, Deputy CEO, Online Investments, Justtrade and Retail Business Head, Bajaj Capital explains, “The level of threat to our website from attackers is no different from any other online transaction portal. However with the increase in online transactions, we also expected an increase in online threats such as hacking and phishing which can have a direct impact on the credibility and trust that every customer places in us.”
TWO-FACTOR AUTHENTICATION TO THE RESCUE
To counter these issues, Bajaj Capital decided to adopt two-factor authentication in the form of hardware tokens. Before deployment, the company looked at other organizations that had deployed similar solutions to analyze the benefits and shortcomings of these solutions. Says Menon, “We looked at other companies who had implemented two-factor authentication using hardware tokens and realized that along with the benefits that the solution had to offer, it posed a few challenges of its own. For example, the customer had to be educated on activating the tokens, using them and maintaining them safely.”
Additionally, if the customer loses the security token he/she is not able to login into the website to transact. Typically, it takes around 10 to 15 days to replace the misplaced token. Such a lead time can have harmful effects in an online trading scenario since markets keep changing on a daily basis and customers want real-time access to market information and their transactions.
Having taken these challenges into consideration, the company decided to deploy RSA’s two-factor authentication solution called SecurID. In collaboration with RSA, Bajaj Capital ensured that the replacement time was cut down to two to three days. In case the security token is misplaced, the customer has the option of calling the company’s call center to gain access to trading on the website.
Bajaj Capital has made it mandatory for new customers to buy the security token when signing up for the company’s financial services. “With the cost of the device being approximately Rs 750 for five years, it comes to around Rs 12 per month, which is not a major cost at all, considering the benefits it has to offer,” says Menon. However, this requires that the customer be educated about the benefits of using the solution to ensure that the user is convinced and does not resist the solution as being a premium service.The company is offering the devices free for high-volume customers and has between 500 to 700 clients in this bracket.
|