Emmanuelle Fischer, head of marketing and product development, talks about the importance of user authentication and signature to battle fraud and how it is evolving.</p> You’ve changed your security process in November 2010, how did it work before?</h3> Societe Generale had security solutions for each of its web banking or file-transfer cash management tool. Over the years, we have tried to harmonise all authentication of users and signature of orders by using 3SKey, SWIFT’s personal digital identity solution. Harmonising security has given us a competitive edge. In the past, clients had as many authentication and signature solutions as they had banks and cash management tools. It was very hard for them to manage them all. 3SKey is a multi-bank, multi-channel solution, meaning corporates only need one USB key to use with their different banks on their different tools. Everything is simplified.</p> What is driving the change besides easy use?</h3> Security is one of the major concerns for both banks and customers, especially for our web-banking portals. It’s important to prevent fraud. As we migrated clients ahead of the deadline for compliance with the Single Euro Payments Area, we noted greater levels of concern about fraud, with many clients moving to secure solutions. Over the last year, 10% of customers have moved to the French transmission protocol for banking information, Electronic Banking Internet Communication Standard Transport and Signature (EBICS TS). Authentication is a real concern for corporates, so they are really looking for a standardised solution they can use with all banks and tools. But to prevent fraud corporates should also follow best practices. They shouldn’t leave their access codes or on any other documents for anyone to see; they shouldn’t give their authentication or signature key to anyone to use in their place; and they should implement strong internal procedures to place orders and sign them.</p> How is the new authentication key used?</h3> There are two main uses to the key. First, it is used for authentication on our web portals; the user plugs in his key on his computer, he connects to our web portal and types in his User ID and the key’s password to authenticate himself on the website. The second use is for signature of payment orders or files transferred to our cash management tools; the user signs his payment order, sends it, the order or the file is received by the bank who recognizes the signature and validates it. 3SKey is used to secure all sensitive operations to avoid fraud.</p> How do you think the security process will evolve in the future?</h3> Today, 3SKey is not compatible with mobile devices, but there is a societal change: everything needs to be available on mobile devices. In September last year, we launched our mobile applications for cash management solutions. Customers can access all the positions for their accounts and get alerts, but we need to also allow the customer to validate their orders on mobile. This is a strong request from customers at the moment, which means we must provide them with security solutions compatible with mobile devices. This is our key challenge for 2014.</p>