Central Bank of Kosovo – Two-factor Authentication

Overview

The Central Bank of Republic of Kosovo (the “CBK”), a successor to the Banking and Payments Authority of Kosovo and to the Central Banking Authority of Kosovo was established in June 2008. After the establishment the financial institution constantly improves the quality and security of its IT services. Just for a few years the company deployed a full ecosystem of services to ensure business productivity.

The security is a priority for every financial institution and the IT team is forced to meet security standards. One of the fundamental problems is the authentication process and user passwords.

Challenge

The classic password authentication method generates many difficulties and challenges – including:

• Not secured authentication method. Level of security relies on password complexity. Complex passwords are usually written down.
• Does not provide strong identity check.
• Dramatical increase of  the service desk incidents related to password and account management.

The financial institution is searching for a solution to increase the security of the authentication process and to minimize the existing problems related to password management. In addition to improving the security, the Central Bank of Kosovo plans to improve user experience with integrating logon process, identity badges, RFID and printing control.

Solution

Based on references from other financial institutions in Kosovo and the region, the Central Bank of Kosovo contacted ITCE to propose an optimal solution for a two-factor authentication.

In order to meet business and technical requirements ITCE proposed a two-factor authentication solution based on smart cards that has the following advantages:

• It is a strong authentication method compliant with all international security standards;
• Increases user productivity;
• Reduces Service Desk incidents related to password management;
• Integrates well with current infrastructure.

Having in mind that a Public Key Infrastructure (PKI) is required for the solution, ITCE included a PKI implementation that can be utilized for many more security scenarios – S/MIME, Smartphone Email Authentication, VPN Authentication, Business Application, HTTP and more. The Central Bank of Kosovo chose ITCE because of the demonstrated competency and readiness to meet all business requirements using the available technology.

Results

The project started with implementation of a Public Key Infrastructure and this was highly appreciated by the client because immediately after the implementation the IT Team utilized the PKI in the following areas:

• S/MIME
• Smartphone Email Authentication
• VPN authentication
• Real Time Gross Settlement application authentication.

With the implementation of a Card Management System and integration with Active Directory the two-factor authentication was technically ready but before going live ITCE standardized the processes related to smart card and identity management including: New Smart Card, Change PIN, Forgotten Smart Card, Lost Smart Card, User Leave and more.

Chosen Smart Cards integrate RFID functionality to make users able to use the same cards for RFID physical access control and for the printing solution.

Finally a smart card printer was implemented to turn the smart cards into beautiful badges.

Conclusion

After the successful implementation, the Central Bank of Kosovo continues the project with the roll out phase that will cover the whole bank.

During the project ITCE integrated Real Time Gross Settlement application authentication using USB tokens to the whole solution that increased the logon security of partner organizations (other banks).

The client’s plans for the future partnership with ITCE are to continue increasing the security and user productivity with implementation of Hardware Security Modules and Single Sign-On Solution.

---