How Crédit Agricole Consumer Finance secures and streamlines access to its sensitive services with a SaaS multi-factor authentication solution
Feedback from Crédit Agricole Consumer Finance on their project to secure and simplify access to their sensitive services for 50,000 partners with a MFA solution that complies with the GDPR and the recommendations of the European Banking Authority (EBA). Security and user experience requirements achieved for the company thanks to the implementation of a SaaS based multi-factor authentication solution (MFA).
CRÉDIT AGRICOLE CONSUMER FINANCE
The Crédit Agricole Group's specialist consumer credit subsidiary
Sofinco, alongside major retailers
Crédit Agricole Consumer Finance, historically known in France as Sofinco, distributes a wide range of personal loans and related services in several countries through all distribution channels: direct sales, point-of-sale financing (automobile and home furnishings) and banking partnerships.
Alongside major retailers over the 19 countries where it is present, notably through FCA Bank, CA Consumer Finance offers its partners flexible and responsible solutions adapted to their needs, but also to those of their customers.
Smart Connect, a connection portal for partners
Crédit Agricole Consumer Finance offers a range of powerful and innovative solutions to boost their partners’ business. Some of these digital solutions are accessible via the Smart Connect portal.
Thanks to this service, contributors can save time in managing their vendors, while eliminating irritants and security issues, such as insecure password transmission, the creation of generic accounts when changing passwords, or delays in creating accounts. All of these operations are carried out through the various forms of this portal, which is the only point of entry for partner requests.
This portal can be accessed by everyone from a browser, whether on a tablet, a mobile or a workstation, which makes it easier for all contributors to use. In fact, regardless of the partner’s mode of operation, all they need is access to a browser to carry out their management actions.
banking products at the end of 2021
Project: Meet both security challenges and increased regulatory requirements, without compromising the UX
Protect a unique access portal
“Phishing and brute force attacks are increasing and the banking sector is a target of choice for attackers.” underlines Marine Clarisse. “We need to reassure and provide effective solutions against these attacks.”
Limit account sharing and simplify the login experience
The sharing of credentials is a serious threat to IT security. And yet, it is frequently done between colleagues in the same workplace who need to access the same applications. Therefore, it is essential to limit this sharing of access between users, which compromises the security of the information system. And this can be carried out by using a MFA solution. It is a more complex and individualized authentication that makes users aware that they are twisting a security system when sharing a password might have seemed harmless to them.
By implementing MFA, CA CF intends to make the access to their connection portal nominative in order to limit the access to their different services / solutions to authorized persons only.
What the Group was looking for ...
RGPD and PSD2 Compliance
By providing and distributing financial services, which involves collecting very sensitive personal data, CA CF is required to comply with both the PSD2 and the RGPD. In fact, the consequence of the DSP2 directive is to set new rules and make multi-factor authentication mandatory for access to bank accounts and the management of sensitive operations.
Focus on security and UX for CA CF's MFA project with inWebo
“When choosing the solution, we were looking to streamline the user experience”, underlines Marine CLARISSE, who adds that“TrustBuilder is a user-friendly solution that is very easy to use and to get use to it“.
A majority of their user population is in-store and they need to be able to access the Smart Connect portal in front of their customers quickly and easily. The aim is to meet current needs while adapting to changing use cases patterns. ” It’s an innovative solution that covers all our use cases in a homogeneous way and simplifies the access journey. Marine CLARISSE
TrustBuilder.io MFA is a Passwordless solution that allows to get rid of UX ans security constraints linked to passwords. CA CF draws particular attention to the technology developed which enables users to authenticate themselves using the browser token (Deviceless MFA). This is an exclusive feature on the MFA market.
Results: Simplified and secure login portal
Protect a unique access portal
The implementation of TrustBuilders MFA has enabled Crédit Agricole Consumer Finance to streamline the login experience of its partners to their tools and sensitive data. Whether in store, in the office or on the move, they have faster and easier access to their applications. “With TrustBuilder, the user only needs to enter his PIN code, instead of the 12-character password that has to be changed every 90 days. ” says Virginie NENTOUSSI
Users are also more autonomous in managing their account. They can manage their equipment (tokens) and enrol a new browser, tablet or smartphone themselves, either by displaying an enrolment code to enter or by receiving a link by email.