Frictionless login journey for BNP Paribas’ B2B corporate e-banking solution
To comply with PSD2 requirements and to overcome hardware constraints of some multifactor authentication solutions, BNP Paribas chose inWebo MFA to secure and simplify access to it’s B2B corporate e-banking solution (My Corporate Bank).
BNP Paribas: European leading corporate banking and cash management
A major economic and financial player in Europe
BNP Paribas is France’s leading cash management bank and one of the leading banks on the European market. Operating in 71 countries and standing as one of the pillars of the French banking industry, the company is listed on the Paris Bourse Primary Euronext Market and is part of the CAC40 index (French biggest companies).
A corporate B2B e-banking solution to manage accounts remotely
BNP Paribas has developed many digital services such as “My Corporate Bank”, a secure web portal that allows companies to manage all their daily banking operations in full autonomy.
BNPP's Customer Solutions & Connectivity department - focus on E-Banking solutions
Gabrielle FOUBART is in charge of the Customer Solutions & Connectivity department within the E-Banking France Cash Management team. “One of the main responsibilities of our department is to manage authentication methods for the corporate e-banking solution “My Corporate Bank” that we provide to our customers”. – Gabrielle FOUBART.
Project: Securing access to e-banking solution "My Corporate Bank"
The challenges in a nutshell ...
BNP Paribas was looking to develop and improve authentication to access “My Corporate Bank”, their B2B e-banking solution not only for small and medium-sized businesses, but also for large international companies – in France.
Towards a frictionless SaaS authentication solution
Based on BNP Paribas’ research, most of their users did not have a professional smartphone. “We did not want to rely exclusively on strong authentication every 90 days by OTP sms.” says Gabrielle FOUBART.
The company was looking for a full SaaS solution that would be as secure as hardware. In fact, it was the main driver for the project. As Gabrielle FOUBART said “We did not want to implement a new hardware solution that would have involved more logistics.”
She added to this that it was important for them that the login experience was simple and fluid. BNP Paribas wanted to reduce the time needed for their users to access the service.
PSD2 compliance for e-banking
“Just like any other e-banking service, “My Corporate Bank” must comply with both PSD2 directive and the GDPR”. Indeed, the PSD2 directive imposes new requirements to financial services in order to increase the security of online payments. As a result, strong customer authentication (SCA) has become mandatory when it comes to accessing and managing banking data.
Yes, e-banking can combine high security with simplified access
To comply with PSD2 requirements and to avoid hardware constraints of some multifactor authentication solutions, BNP Paribas chose inWebo MFA. “Prior to the implementation of inWebo MFA, the e-banking corporate service “My Corporate Bank” was already using two other MFA solutions: Secure Transfer Card (smart card + reader) and electronic certificate (issued by an independent accredited Certification Authority)” explained Gabrielle FOUBART. “inWebo’s solution completes this offer and replaces the login experience that requires to enter a username and a password”.
“The simplicity of the user experience is one of the key benefits of inWebo MFA solution.” In fact, the solution streamlines and simplifies the login experience: passwordless, it allows users to connect rapidly, by typing a PIN code (knowledge factor) within their possession factor. And that’s where comes in the discruptive feature of inWebo’s solution: the Deviceless (or Smartphoneless) token, allowing users to authenticate themselves without the need of a specific equipment. It’s the browser that becomes the trusted device. And of course, this feature is PSD2 compliant. To sum up, inWebo is a full SaaS MFA solution – therefore no USB key or smart card are required – that allows users to overcome equipment constraints (smartphones, computers…) thanks to its browser token.
Lastly, the costs related to implementation and licensing were also a significant driver for the BNP Paribas MFA project. “It was important for us to keep delivering a free authentication solution to our customers” added Gabrielle FOUBART.
Results: high security and simplified access
inWebo delivers today tens of thousands of licenses to BNP Paribas and the feedbacks, from both users and the technical team, are very positive. “There were no difficulties during the implementation” adds Gabrielle FOUBART. As a matter of fact, she added, “The Administration part is fairly intuitive and easy to configure. The very few questions during the configuration process were perfectly answered by inWebo’s teams”.
The flexibility of inWebo MFA helped BNP Paribas deploy the solution on a large scale and in a very short period of time. Gabrielle FOUBART mentioned that at that time, “we kept our users informed so that the transition would be as smooth as possible and that our customers would not encounter any service disruption during the deployment”.
It was very easy to implement the solution thanks to the close collaboration between Their team and inWebo’s Techleads. Gabrielle FOUBART’s feedback was very positive. “inWebo’s teams are available and responsive and keep up to date proactively on releases and incidents”.
Given this very satisfactory feedback, Gabrielle FOUBART shares that the solution is currently being studied for deployment on other BNP Paribas transactional sites for corporate clients.