Tuesday, June 22, 2021

SecureKey signs fourth Canadian bank for Concierge

ING Direct Canada, the branchless-bank used by 1.8 million Canadians, has become the fourth financial institution to adopt SecureKey’s Concierge service for securely authenticating onto a large number of federal Web sites.

The move means that bank customers can use the same login username and password for accessing their bank accounts to access 120 federal services. They include Services Canada, Canada Revenue Agency, Human Resources, Canadian Border Services and Immigration Canada.

It was not an unexpected: Scotiabank [TSX: BNS], a Concierge member, bought ING Direct from its Dutch parent for just over $3.1 billion a year ago. Other Concierge members are the TD Bank and the Bank of Montreal.

Toronto-based SecureKey uses the SAML 2.0 (security assertion markup language) protocol  to connect endpoints through a secure cloud-based virtual private network so they can transmit and receive identity tokens.

“Now customers will have one less set of credentials they have to remember” for federal services, said Charaka Kithulegoda, ING Direct’s chief information officer.

It took about 12 weeks to integrate ING’s system into Concierge, he said.

“We are starting to get even greater critical mass for the service,” Andre Boysen, SecureKey’s executive vice-president said in an interview.

The company’s goal is to get banks to sign up for Concierge, he said. But it also want to expand the network to include provinces, municipalities and utilities.

Ultimately SecureKey wants to build an open consumer authentication marketplace that will compete with other payment networks.

While it is still early days — Concierge launched a year ago last month — Boysen said the company is satisfied with its progress. Still, he added, “there’s a lot more to do to make this authentication marketplace take off so you don’t have to have user ID and password for every (online) destination.”

To use the service on a federal Web site, when asked to register a person chooses Concierge and then selects a bank he or she already has a user ID and  password for. After logging in with those credentials the bank issues a security token which is transmitted to Concierge, which passes it to the government Web site. After answering a few questions the token is bound to the user’s account.

The service is “triple-blind” — the token is anonymous, Boysen said.

As for participating financial institutions. Boysen said Concierge — which is actually a hosted cloud virtual private network service that connects the bank, the user and the government — takes advantage of a Web service they already have called Interac Online Payment for anonymous authentication. All they need to do is create a SAML service for the tokens, which takes four to six weeks.

In August SecureKey won a contract with the U.S. Postal Service to provide a similar infrastructure for the Federal Cloud Credential Exchange for accessing U.S. federal services. It launches next year.

Would you recommend this article?

0
0

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News