CoSign Digital Signatures Get a Signature of Approval from the Bank of Israel

Partner 7 Israeli Banks Country Israel Industry Banking Applications Signature API (SAPI)

Overview

Business Requirement
As a result of Israeli Bank Regulation 357, which defines best practices for banking IT processes, the Bank of Israel (BOI) required all banking institutions to utilize a secure channel for distribution of electronically routed checks. This regulation affected all of the banks in Israel, which included Bank Leumi, Bank Hapoalim, Bank Mizrachi, Citibank, Discount Bank, The First International Bank of Israel, and Postal Bank.

Solution
The integration of the CoSign® digital signature (standard electronic signature) solution within every Israeli bank. The solution allows each bank to verify the integrity of their electronically routed checks.

Benefits
The CoSign digital signature solution offered multifaceted benefits to the banking industry, including increased security, enhanced customer service, and savings. With the deployment of CoSign, the banks have implemented a governmentally-approved and secure means for batch routing thousands of electronically delivered checks a day. CoSign's digital signatures provide the secure channel necessary for the distribution of electronically routed checks, as a document signed with CoSign that is altered after signing invalidates the signature.

Case Study

Introduction
As Israeli banks advanced to keep pace with international advancements including the electronic processing of banking documents, the BOI acknowledged that certain elements of the electronic process required additional safeguards in order to ensure the veracity of the electronic documents. Since banking documentation that is processed electronically can be vulnerable to altering and manipulation, the government established benchmarks requiring banks to utilize a secure channel for distribution before checks could be processed electronically.

Business Need
The banking industry required a technological capacity that guaranteed the documentation they were routing was secure. As such, a committee consisting of industry leaders including Bank Hapoalim, Bank Leumi, and Citibank was established to perform an extensive review of the digital signature products available. The committee's task included establishing which digital signature solution could guarantee the security of electronic documentation in transit, while taking into account the many diverse requirements that were demanded by deploying at seven different banking institutions.

Key Challenges
The proposed digital signature solution had to meet the requirements of a large number of banks, each with its own security, regulatory, and working procedures. At the same time, the solution had to provide these differing institutions an interoperable solution with identical support and maintenance considerations.

Solution
The BOI decided that the banking industry should implement the use of digital signatures in order to safeguard banking documentation exchange. Digital signatures take the concept of the traditional paper-based signature into the digital realm, by adding a digital "fingerprint" as a signature to a document. This "fingerprint", based on Public Key Infrastructure (PKI) technology is unique to both the document and the signer and it is utilized to prove that the signatory is indeed the signer of the message and that the signer approves the content of the document. Since its creation over 30 years ago, PKI technology has been widely tested and accepted as the only standard method capable of guaranteeing an electronic document has not been altered. Utilizing PKI technology, a digital signature has the ability to uniquely bind the signer to the documents' contents, ensuring data integrity and non-repudiation of the electronic transaction. Any changes made to the document after it is signed invalidate the digital signature, thereby protecting against forgery and securing documentation.

Once the decision was made to mandate the use of digital signatures and a thorough review of the options available was performed, the Israeli banking committee established that the CoSign digital signature solution best satisfied the requirements of Regulation 357 for securing electronically routed checks, as well as the various requirements of the banks in the industry.

The key impetus behind CoSign's selection was the solution's flexibility, multidimensional capacity, and a track record of thousands of successful deployments highlighting these capacities. The variation in the security, regulatory, and working procedures between the various banks in the project made CoSign's flexibility an optimal solution. An example of this flexibility was CoSign's ability to manage both the users of banks employing Microsoft Active Directory (AD), as well as the banks that were not managed by AD.

Another example of flexibility was the different security requirements mandated by some of the banks for a strong 2-factor authentication for the signing application via a smartcard, whereas other banks were satisfied with a simple username-password authentication.

Another significant asset that CoSign brought to the equation was a built-in Certificate Authority (CA). One of the cornerstones of a digital signature is the CA, which is responsible for identifying users and issuing certificates used in identification. Traditionally, this is provided by an independent third party software application or service. However, CoSign eliminates the need for a third party-issued CA, doing away with additional costs and further enhancing its capacity as a comprehensive solution. For those banks that already had their own CA, CoSign was capable of deferring to its use as a subordinate.

Another factor in the decision to implement CoSign was its unique ability to generate Private Keys (a key used in the decryption process necessary for digitally signing documentation) inside its secure, centrally-designed appliance. This was such a significant advantage because it eliminated the need for banking employees to have Smart Cards, thus preventing the complications involved with employees managing their own Smart Cards (lost or forgotten Smart Cards and the procedural headaches involved with reissuing a Smart Card).  Also, with each of the banks able to deploy the same standard digital signature solution, they had no problem verifying the digitally-signed documentation routed between them. The ease with which the banks can verify each other's documentation would not have been as simple if they had implemented non-standard solutions.

Finally, CoSign's Signature API (SAPI) allowed third-parties involved in the project, such as NCR (a technology company specializing in products for the retail and financial sectors), to embed the CoSign digital signature at the time of file creation and not at a subsequent point afterwards, further expediting their overall check distribution process.

Results
The BOI has revolutionized the Israeli banking industry's processes with regards to the way checking documentation is handled. In turn, the industry has benefited from the savings that CoSign's utilization has provided by facilitating electronic processes, and it has passed additional service enhancements on to consumers.
Through the integration of CoSign, the banking industry established the secure method required of them for the transmission of check documentation. Moreover, it utilized a standard technology that provides audit trails and guarantees the security the industry sought for decades into the future. While the change in standard operating procedures was initially completed in order to satisfy regulatory requirements, the secondary benefits that CoSign has provided, such as savings in costs and improved service capabilities for the banks, makes the change seem as though it was initiated by the banks themselves.