Faster time-to-deployment and cost savings for the business; greater convenience for the customer – these were some of the key reasons cited by organisations that have adopted OneKey, the two-factor authentication (2FA) device that rides on the National Authentication Framework (NAF).
The NAF is an initiative by the Infocomm Development Authority of Singapore (IDA) to develop a secure and trusted infocomm infrastructure which will facilitate the delivery of safe online services offered by the public and private sectors. The infrastructure is owned and operated by Assurity Trusted Solutions, a wholly-owned subsidiary of IDA which offers NAF services to service providers such as banks and securities trading firms at the national level.
OneKey, the 2FA device for the NAF, gives consumers the convenience of a single authentication device to access multiple online services and incorporates a transaction signing function which is required by the Monetary Authority of Singapore (MAS) for banks offering online banking services.
RHB Bank
RHB Bank, which was already 2FA-enabled when it launched its Internet Banking services a year ago, took the further step of securing its online banking transactions using the NAF platform in 2012 as part of the industry-wide exercise to further protect customers’ interests from the threat of man-in-the-middle attacks during high-risk online banking transactions.
The decision to partner Assurity for its transaction signing requirements was made after the bank had evaluated several options and gone through a rigorous selection process. According to Mr See How Gee, Head of Internet Banking, RHB Bank Singapore, NAF’s state-of-the-art system and the ability to use a single OneKey token across various industries fit the bank’s requirements well, both in terms of security and customer convenience.
“OneKey is the first 2FA device in the world to authenticate online transactions across different industries. We believe that using OneKey will bring greater value and convenience to our customers in the long run, where they do not have to carry multiple tokens to do e-transactions on different sites,” he said.
Adopting the NAF also meant that the bank was able to leverage the strength of the NAF’s state-of-the-art security infrastructure to enhance the security of its customers’ online transactions, giving them greater peace of mind.
Another benefit of NAF was the speed of deployment. It took the bank four to five months from implementation to full integration with NAF. “By using the NAF infrastructure, we were able to incorporate the enhanced authentication features to our system faster, thus enabling us to maximise our resources on other business areas.”
“There were also definitely cost savings in not having to develop and maintain a brand new authentication infrastructure by ourselves,” he added.
The bank first introduced transaction signing via the NAF to its customers in November 2012, and from 1 January 2013 onwards, it has been mandatory for all “RHB Now” Internet banking customers to use OneKey for high-risk online transactions such as changing personal particulars and fund transfers.
Phillip Securities
Within the securities trading community, there has also been a strong take-up rate for the NAF platform. All seven retail firms under the Securities Association of Singapore (SAS) officially rolled out OneKey to their clients in November 2012.
“The securities trading firms are offering OneKey 2FA or OTP as an additional layer of security to protect their clients' online transactions and to provide them with the convenience of a universal token,” said Mr Chai Chin Loon, Chief Operating Officer of Assurity.
Among the first securities trading firms to join NAF was Phillip Securities, which came on board in December 2011. It rolled out 2FA for its mobile remisiers in April 2012 and for its customers in November.
Phillip’s Business Development Manager, Ms Kwang Sook Fong, said the firm began evaluating 2FA back in the third quarter of 2011, because it wanted to offer additional security in line with MAS guidelines.
“We considered developing our own and also riding on the NAF. Eventually, we decided to go with the NAF as we wanted to ride on the OneKey drive so that customers will not be inconvenienced or forced to carry an additional token around,” she said.
Beyond delivering greater customer convenience, the NAF route has also benefitted Phillip Securities in other ways. “As we are riding on the OneKey drive, we are able to save on the time and costs which we would have incurred should we set up our own 2FA systems,” said Ms Kwang.
Riding on the NAF
To lower the barrier for service providers (SPs) to come on board the National Authentication Framework’s 2FA services, Assurity is currently offering its services to SPs for free. Under the offer, which is available till 11 December 2013, the SPs do not have to pay transaction fees.
SPs such as banks, online security brokerage firms, Government organisations and any other organisations that require 2FA can leverage on the NAF for a strong authentication solution that is more cost effective compared with in-house strong authentication implementations that need to be set up and refreshed every few years, said Mr Chai Chin Loon of Assurity Trusted Solutions.
SPs can take advantage of their refresh cycle to seamlessly and progressively transition to NAF in order to benefit from the cost savings of the NAF platform.
Organisations can also join NAF at any other point in time to provide their users with the option of using OneKey in addition to their own 2FA device, thus allowing their users to still enjoy the convenience of a universal token.
SPs who have no existing 2FA deployments can integrate their systems with the NAF to enjoy significant cost savings instead of building their own in-house 2FA infrastructure.