SOP for Two-Factor Authentication in IPPB Finacle
This post dives into the implementation of Two-Factor Authentication (2FA) within IPPB’s Core Banking System (CBS) powered by Finacle. We’ll explore the one-time registration process, authentication using a one-time password (OTP), and subsequent management of user mobile numbers.
1.0 Introduction
Two-factor authentication, also known as multi-factor authentication (MFA), is a critical security measure employed in banking applications. It adds an extra layer of protection by requiring not just a username and password, but also a second verification factor. This significantly reduces the risk of unauthorized access to the system.
By implementing 2FA in CBS-Finacle, IPPB reinforces its information security posture. This enhanced security applies not only to bank users but also to end-users and officials with authorized access to specific CBS menus.
2.0 Important Terms and Abbreviations
- Two-Factor Authentication (2FA): A security protocol requiring two distinct forms of identification for a user attempting to access an application or system.
- OTP (One-Time Password): A temporary, unique password generated for user identification during login and typically used as an additional layer on top of a primary password.
- ROTP (Register One-Time Password): A dedicated CBS menu within Finacle that allows users to register their mobile number for receiving OTPs for login authentication.
- COTP (Challenge One-Time Password): A CBS menu used to trigger OTP generation every time a user logs into Finacle.
- MOTP (Maintain One-Time Password): A CBS menu specifically for Circle CBS UAR SPOCs (User Access Review Single Point of Contact) and the CBS Admin team. This menu facilitates changing the registered mobile number for a CBS user.
- UAR (User Access Review): A periodic review process conducted for CBS access. Each Circle and department designates two officials as CBS UAR SPOCs. These SPOCs collaborate with the CBS Admin team to gather user access data and conduct the review. Additionally, they are assigned roles with appropriate work classes enabling them to perform specific actions like password resets.
3.0 Implementation Details
The following sections will detail the user registration, login authentication, and subsequent management of mobile numbers for 2FA in IPPB’s CBS-Finacle system:
- 3.1 User Registration: (Details on the one-time registration process using the ROTP menu to link a mobile number for receiving OTPs)
- 3.2 Login Authentication: (Explanation of the login process using username, password, and the OTP received on the registered mobile number)
- 3.3 Management of Registered Mobile Number: (Information on how to update the registered mobile number using the MOTP menu, potentially requiring assistance from a CBS UAR SPOC)