Access Management at PostFinance

Secure access to E-Finance

With over 1.7 million online customers, PostFinance's E-Finance is the Swiss market leader in e-banking. The online offering is an important sales and communication channel and is continuously extended. Thanks to the integration of Swisscom Mobile ID, users can login securely from anywhere with their mobile phone.

AdNovum's security suite NEVIS has been used for access management in E-Finance since 2007. It is also deployed by Swiss Post International (SPI) and PostLogistics. To be able to cope with the massive load of login and user sessions, the access management infrastructure comprises several entry servers with numerous instances. The NEVIS Security Suite supports session sharing and thus allows load balancing, i.e., an even distribution of the total load on the servers.

At the beginning of 2010, E-Finance's login component and the management of access data were also migrated to NEVIS. As a result, PostFinance now has a central end-to-end security infrastructure that can be used not only for E-Finance but also for other applications. The solution enables flexible authentication handling. New means of authentication can easily be integrated and the login process can be adapted any time. Since October 2013, PostFinance offers customers the possibility to log in with their mobile phone using Mobile ID in addition to the login with PostFinance ID and Display Card. Swisscom's Mobile ID Service is integrated into the access infrastructure via the proxy component in NEVIS.

Features

  • NEVIS-based access infrastructure with login and authentication
  • Supports multiple authentication methods, including centralized management of access data
  • Easy integration of new means of authentication and flexible handling of the login process
  • Simple and secure authentication on mobile devices via Mobile ID
  • Session sharing between NEVIS instances (based on Oracle) and load balancing
  • Perimeter security and SSO on the finance portal
  • Support of certificates of the Swiss Post
  • Internal entry server (SSO for staff)
  • Easy integration of further applications

Key Figures

  • Over 1.7 million online customers
  • Around 200,000 logins per day
  • Peak load: 1,620 hits/second

Technology

Access management infrastructure based on NEVIS components:

  • Entry server: nevisProxy
  • Authentication server: nevisAuth
  • Management of access data: customized application with nevisIDM
  • Key management: nevisKeybox
  • Credentials: PostFinance ID, Display Card, Swisscom Mobile ID