UBS uses IBM technology for convenient security in e-banking Reference survey UBS Access Key The customer: UBS Drawing on its 150-year-heritage, UBS serves private, institutional and corporate clients worldwide, as well as retail clients in Switzerland. UBS combines its wealth management, asset management and investment banking businesses as well as its retail banking in Switzerland to deliver superior financial solutions to its customers. UBS has its headquarters in Zurich and Basel and is represented in more than 50 countries, including all major financial centers, and employs approximately 65,000 people world-wide. UBS is quoted on the Zurich and New York stock exchange. In the year 2010, the bank achieved an operating income of 32 billion Swiss francs and a result before tax of 7.5 billion Swiss francs. In Switzerland, UBS is the largest banking institution and has more than 300 offices. Every third Swiss household, every third pension fund and more than 40 percent of the companies are customers of UBS. The bank carries out one million payments per day for its customers. ʻWith IBM technology, we can offer our customers an elegant new form of electronic identification. The UBS Access Key combines two features that have very often excluded each other: simple and comfortable handling and at the same time a high degree of security.ʼ Albert Villiger, IT Project Manager, UBS Foto: Highlights n E-Banking: The UBS Access Key, an IBM development, makes e-banking simple and convenient but at the same time ensures a high level of security – without concessions. n AdNovum: The Swiss information technology company AdNovum integrated the UBS Access Key into the comprehensive security framework Nevis, which protects the bank’s internet transactions. n Success: The UBS Access Key is well received. More than 65,000 Swiss UBS customers are already using the UBS Access Key. The Challenge The solution UBS aspires to offer its customers the highest possible level of security in e-banking. Banks are generally confronted with more and more elaborate hacker and phishing attacks. That is why already ten years ago, UBS Switzerland developed a very safe procedure in cooperation with the IBM research laboratory Rüschlikon, replacing the TAN lists. IBM developed a new, innovative card reader named ZTIC: Zone Trusted Information Channel. The device is attached to the computer via USB cable and then controls the secure internet connection (SSL). The IBM laboratory Rüschlikon already had a prototype, which was now adapted to the requirements of UBS. UBS especially demanded high performance in order to offer fast response times. This new procedure by UBS was based on ‘challengeresponse’, which means the authentication by question and answer. The e-banking system poses a question, the customer gives the right answer and thereby identifies him- or herself. The ‘question’ is a number. Now the customer needs his or her personal UBS Access Card (a chip card) and a card reader with numeric keys, resembling a pocket calculator. The customer inserts the Access Card into the card reader and enters the number. The device calculates a new number: the ‘answer’. The customer then enters this response on the website and is authenticated. Furthermore, ZTIC required additional protocols in the e-banking system. That is why UBS had the software adapted by AdNovum. AdNovum, a Swiss IBM business partner, is responsible for the security framework Nevis which protects UBS’ internet transactions. The procedure reaches a high level of security, but has one disadvantage: It needs a lot of manual intervention, numbers need to be entered several times. Especially for business customers, who often need to carry out bank transfers, the handling is rather cumbersome. That is why UBS searched for a solution that maintains the high security level, but offers more convenience. The bank introduced the new device to its Swiss customers under the name of UBS Access Key. The UBS Access Key considerably simplifies e-banking, no numbers need to be entered. The customer can read important details such as an account number on the UBS Access Key and confirm or cancel the process by one single push of a button. At the same time, a high security level is maintained, the UBS Access Key protects the SSL connection. More than 65,000 Swiss UBS customers are already using this innovative solution. Advantages of the IBM Zone Trusted Information Channel ZTIC § ZTIC establishes a secure SSL connection for the internet banking and protects it. The user has full control of the secure internet connection. § Hacker and phishing attacks are disclosed and prevented. ZTIC makes malware and man-in-the-middleattacks ineffective. § The handling of ZTIC is easy and requires no training. Simply watch the video on YouTube! § High comfort yet high security in e-banking. § The user does not need to install any software. Simply plug in the device! § Innovative IBM technology. Contact: ® IBM Research - Zurich Dr. Michael Baentsch BlueZ Business Computing Tel. +41-44-724-8620 E-Mail: ztic@zurich.ibm.com Säumerstr. 4 CH-8803 Rüschlikon © Copyright IBM Corporation 2012. All rights reserved. IBM and the IBM logo are registered trademarks of the International Business Machines Corporation in the USA and/or other countries. Trademarks of other companies/producers are acknowledged. Terms of contract and prices are available at IBM branch offices and the IBM business partners. The product information represents the current status. Content and scope of services are determined exclusively according to the respective contracts. This publication exclusively serves as general information.