UBS uses IBM technology for convenient security in e-banking

UBS uses IBM technology for convenient
security in e-banking
Reference survey UBS Access Key
The customer: UBS
Drawing on its 150-year-heritage, UBS serves private, institutional and corporate clients worldwide, as well as retail
clients in Switzerland. UBS combines its wealth management, asset management and investment banking businesses as
well as its retail banking in Switzerland to deliver superior financial solutions to its customers.
UBS has its headquarters in Zurich and Basel and is represented in more than 50 countries, including all major financial
centers, and employs approximately 65,000 people world-wide. UBS is quoted on the Zurich and New York stock
exchange. In the year 2010, the bank achieved an operating income of 32 billion Swiss francs and a result before tax of
7.5 billion Swiss francs.
In Switzerland, UBS is the largest banking institution and has more than 300 offices. Every third Swiss household, every
third pension fund and more than 40 percent of the companies are customers of UBS. The bank carries out one million
payments per day for its customers.
ʻWith IBM technology, we can offer
our customers an elegant new form
of electronic identification. The UBS
Access Key combines two features
that have very often excluded each
other: simple and comfortable
handling and at the same time a
high degree of security.ʼ
Albert Villiger,
IT Project Manager, UBS
Foto:
Highlights
n E-Banking: The UBS Access Key, an IBM development, makes e-banking simple and convenient but at
the same time ensures a high level of security – without concessions.
n AdNovum: The Swiss information technology company AdNovum integrated the UBS Access Key into
the comprehensive security framework Nevis, which protects the bank’s internet transactions.
n Success: The UBS Access Key is well received. More than 65,000 Swiss UBS customers are already
using the UBS Access Key.
The Challenge
The solution
UBS aspires to offer its customers the highest possible
level of security in e-banking. Banks are generally
confronted with more and more elaborate hacker and
phishing attacks. That is why already ten years ago,
UBS Switzerland developed a very safe procedure in
cooperation with the IBM research laboratory
Rüschlikon, replacing the TAN lists.
IBM developed a new, innovative card reader named
ZTIC: Zone Trusted Information Channel. The device
is attached to the computer via USB cable and then
controls the secure internet connection (SSL). The
IBM laboratory Rüschlikon already had a prototype,
which was now adapted to the requirements of UBS.
UBS especially demanded high performance in order
to offer fast response times.
This new procedure by UBS was based on ‘challengeresponse’, which means the authentication by question
and answer. The e-banking system poses a question,
the customer gives the right answer and thereby
identifies him- or herself. The ‘question’ is a number.
Now the customer needs his or her personal UBS
Access Card (a chip card) and a card reader with
numeric keys, resembling a pocket calculator. The
customer inserts the Access Card into the card reader
and enters the number. The device calculates a new
number: the ‘answer’. The customer then enters this
response on the website and is authenticated.
Furthermore, ZTIC required additional protocols in the
e-banking system. That is why UBS had the software
adapted by AdNovum. AdNovum, a Swiss IBM
business partner, is responsible for the security
framework Nevis which protects UBS’ internet
transactions.
The procedure reaches a high level of security, but has
one disadvantage: It needs a lot of manual intervention,
numbers need to be entered several times. Especially
for business customers, who often need to carry out
bank transfers, the handling is rather cumbersome. That
is why UBS searched for a solution that maintains the
high security level, but offers more convenience.
The bank introduced the new device to its Swiss
customers under the name of UBS Access Key. The
UBS Access Key considerably simplifies e-banking,
no numbers need to be entered. The customer can
read important details such as an account number on
the UBS Access Key and confirm or cancel the
process by one single push of a button. At the same
time, a high security level is maintained, the UBS
Access Key protects the SSL connection. More than
65,000 Swiss UBS customers are already using this
innovative solution.
Advantages of the IBM Zone Trusted Information Channel ZTIC
§
ZTIC establishes a secure SSL connection for the internet banking and protects it. The user has full control of
the secure internet connection.
§
Hacker and phishing attacks are disclosed and prevented. ZTIC makes malware and man-in-the-middleattacks ineffective.
§
The handling of ZTIC is easy and requires no training. Simply watch the video on YouTube!
§
High comfort yet high security in e-banking.
§
The user does not need to install any software. Simply plug in the device!
§
Innovative IBM technology.
Contact:
®
IBM Research - Zurich
Dr. Michael Baentsch
BlueZ Business Computing
Tel. +41-44-724-8620
E-Mail: ztic@zurich.ibm.com
Säumerstr. 4
CH-8803 Rüschlikon
© Copyright IBM Corporation 2012. All rights reserved.
IBM and the IBM logo are registered trademarks of the International Business Machines Corporation
in the USA and/or other countries.
Trademarks of other companies/producers are acknowledged. Terms of contract and prices are
available at IBM branch offices and the IBM business partners. The product information represents
the current status. Content and scope of services are determined exclusively according to the
respective contracts.
This publication exclusively serves as general information.