Bank of Ceylon

Bank of Ceylon Leads the Sri Lankan Banks’ Fight against Internet Identity Theft, Phishing, and Online Financial Fraud

Bank of Ceylon, No.1 bank in Sri Lanka, has deployed identity protection services from VeriSign, Inc. to lead the Sri Lankan banks’ continuing fight against Internet identity theft, phishing, and on-line fraud. In deploying the VeriSign® Identity Protection (VIP) Authentication Services to strengthen the authentication of the bank’s Internet banking facility for its customers, Bank of Ceylon has added a key layer of protection to safeguard its customers’ digital identities.

The VIP Authentication Service is a two-factor authentication solution based on the open standards published through Open Authentication (OATH). Delivered across a trusted, shared network, the VIP Network leverages a shared validation infrastructure operated by VeriSign that enables enterprises to deploy open standards-based strong authentication without bearing the entire burden of development, customer support, and system maintenance. Providing authentication services to 93 percent of the Fortune 500 and 40 of the world’s largest banks, VeriSign is a trusted provider of critical Internet infrastructure for the networked world.

Bank of Ceylon joins the VIP Network that includes many leading on-line commerce providers. The bank will be initially extending the security solution to high-usage, high net-worth Internet banking customers, but will eventually be extending the solution to all active Internet banking customers.

Two-factor authentication provided by VIP for the Bank of Ceylon is designed to address problems often encountered with utilizing a simple user name and password, which is the most common method for authentication. Because fraudsters can retrieve user names and passwords in various ways, including guessing, adding an extra layer of protection becomes paramount. Two-factor authentication combines a primary factor (something the user knows) with a secondary factor (something that the user has), so that if an attacker steals only the first factor, he will not be able to forge the second factor and will be unable to authenticate.

The VIP Network is a set of shared services that builds on the VIP Authentication Service. It means that Bank of Ceylon customers can use a single security token to authenticate themselves across any VIP enabled online commerce website including world leading online commerce sites such as eBay and PayPal. As a result, any of the bank’s customers who already have received a security token from such sites also has the great opportunity of using it in the bank’s Internet banking facility. This makes it more convenient for Bank of Ceylon customers to adopt two-factor authentication paving way for a new era in protection of customers’ digital identities.

“Given the ever-increasing security threats that are posed by the Internet, we sought to implement a solution that would provide greater protection of our customers’ online account without introducing undue complexity,” said Nissanka Janaratne, H ead of Information Technology at The Bank of Ceylon. “We will be initially extending the security solution to targeted high-usage, high net-worth online account holders, but eventually we anticipate extending the solution to all active online account clients.”