Hardware Security Module (HSM) to verify identity and protect customers’ data
The digital transformation of Mexican Banking with cryptographic hardware
The digital transformation of Mexican financial institutions is an unstoppable challenge, long underway, as they seek to take advantage of business opportunities and move towards modern, innovative banking that is more efficient and secure and that gives customers more and better services through the new digital channels.
Alongside the digital challenge facing Mexican commercial banking, there has been broad growth in Fintechs, now more than 500, with varying degrees of specialization, which have emerged from nowhere in record time.
This commitment to digital transformation and the use of technology does not overlook the importance of protecting the personal data of users and customers, or the need to verify and authenticate identity. It represents clear progress in the use of robust authentication, or SCA (Strong Customer Authentication), aligned with the new European Payment Services Directive (PSD2).
If it is important to secure transactions and authenticate customers, it is no less important to earn their trust by properly protecting their personal data, in order to avoid the loss of reputation for financial institutions and the negative impact this has on the business in the new paradigm of digital transformation.
The use of asymmetric encryption between banks and the INE to validate identity
The rigorous identity verification and validation process in Mexico relies on the collaboration of the INE (Instituto Nacional Electoral). This entity manages the census data of Mexican citizens and is therefore the competent official body to identify, validate and authenticate the identity of any banking customer seeking, among other things, to open an account, apply for credit or carry out any other financial operation.
To make this process reliable, the information shared between the financial institution and the INE is encrypted using certificates and keys generated and safeguarded in a high-performance cryptographic hardware security module. This secures the transmission and protects the data from interception by cybercriminals.
This system for identifying and validating the identity of Mexican citizens through the INE has also been available, since 2016, for electronic voting management processes.
Likewise, other entities such as the Polytechnic University or notaries are joining this system.
Encryption and Digital Signature with Cryptographic Server
To carry out this validation of information against the INE, financial institutions must integrate into their technological core a cryptographic server (HSM) that manages the digital certificates and key generation for their advanced electronic signature. When customer information is matched with INE records, the INE identifies and validates the digital signature issued from the financial institution's infrastructure, thus authenticating identity and minimizing the risks of fraud and impersonation.
Mexican citizens trust this process, as the transmission and exchange of their personal data always remain encrypted. The INE authenticates to the financial institution through its public key and the financial institution accesses the encrypted information using its private key.
Therefore, it is a reliable process in which the personal information of each citizen will not be open to the public, thus strengthening the security of their data.
For financial institutions, under the regulations of the National Banking and Securities Commission (CNBV), this identity verification system has been mandatory and implemented since 2019. Institutions that do not comply will have to bear the costs of possible attacks on the security of their systems and the consequences of impersonation.
Several financial institutions have already implemented the corresponding infrastructure to meet the new identification requirement against the INE, such as BANK of TOKYO, BANBAJIO, BBVA, Banco SANTANDER, CONSUBANCO, etc.
Some of them make use of REALSEC’s hardware and cryptographic solutions.