Riyad Bank deployed OneSpan’s patented Digipass® authentication devices, taking a cutting edge role in the Saudi financial sector. Riyad Bank is in fact the very first bank in the Kingdom of Saudi Arabia to deploy authentication devices to both its corporate and retail customer base.

Riyad Bank is the leading investment performance bank in the Kingdom of Saudi Arabia and delivers a range of comprehensive financial services even as far as London, Houston and Singapore catering to the international banking needs of its customer base. Riyad Bank has been selected for a total of 190 investment awards in categories ranging from Best Mutual Fund Performance to Best Fund Manager. The bank’s full service approach is delivered through a network of 200 branches and its remote banking package uses the latest electronic technologies to bring its banking services into their customers’ homes, hotel rooms and offices, offering them unrivalled convenience and accessibility for their banking needs.

My Bank…Riyad Bank, Anywhere, Anytime

As a leading bank, Riyad Bank is incessantly improving its services and technologies to retain its competitive advantage. With its e-banking solution, RiyadOnline, the bank offers both its retail and corporate customers the possibility to manage their banking affairs 24/7 from any computer with an Internet connection. The e-banking application allows Riyad Bank’s customers to make money transfers to their own and third parties’ accounts and pay their utility bills, loan and credit card installments, traffic fines, vehicle and driving licenses fees, passport and visa fees online. In addition, customers have live access to up-to-date local share prices and foreign exchange rates.

Corporate customers can access all their corporate accounts online, i.e. current account, savings account, fixed deposits accounts, loan accounts and the company’s credit card accounts.

As Internet fraud has been increasing over the past few years using methods such as phishing, key and image logging, social engineering and identity theft, Riyad Bank employs the latest technology in order to continuously counter the fraudulent challenges. In order to mitigate risks and avoid unauthorized access, Riyad Bank was in need of a secure authentication solution to safeguard its customers’ Internet banking transactions.

Riyad Bank & OneSpan: A Solid Match

Riyad Bank wanted to create a comfort zone for their customers, ensuring them that their online accounts were sufficiently protected from illegal access. By implementing a secure authentication solution, the bank wanted to increase confidence in internet banking, attract new customers and migrate customers from traditional channels to its online approach.

Besides a high level of security, the bank placed an emphasis on usability and flexibility. As they were the first bank in the Saudi financial world to deploy secure authentication to both its retail and corporate customers, Riyad Bank was looking for a solution that was easy and intuitive to use therefore lowering the acceptance threshold.

“OneSpan provides a solid and proven technology as they are the leading vendor when it comes to security solutions for the financial market,” says Rashed Al Othman, SVPIT Governance at Riyad Bank. “The company had ample examples to demonstrate its expertise and experience. OneSpan’s Digipass technology also provided an easy-touse and user-friendly solution. As the company regularly updates its product range, they offer their customers a wide choice of different devices to suit customers’ needs.”

Riyad Online Secured by Digipass

Riyad Bank deployed two different authentication methods for retail customers: SMS and Digipass authentication. For corporate customers, the bank made the use of Digipass technology obligatory. Customers log on to the e-banking application using a chosen username and password. Whenever they want to make a financial transaction or change critical information regarding the account, the online service will ask them to insert the dynamic password generated by the Digipass device or SMS service. These passwords are randomly generated and can only be used once during a limited period of time before it expires.

Critical and financial actions that require authentication are for instance: creating a beneficiary or making a money transfer to a third party’s account.

With SMS authentication, the unique password is generated by the banking application and sent to the customer’s mobile phone via SMS. The user then enters the password on RiyadOnline in order to authenticate the transaction.

OneSpan’s patented Digipass technology works in the same way. The customer enters his one-time Digipass password for authentication purposes. OneSpan’s authentication software, OneSpan Authentication Server Framework, then validates the entered password and if it matches, the transaction is completed.

Suiting End-users’ Needs: One Application, Different Devices

Riyad Bank deployed different types of Digipass authentication devices for its retail and corporate customer base. “Because retail customers don’t require a complex solution, we opted for Digipass Go 3 as it is a very straightforward solution,” says Rashed Al Othman.

“Our individual customers can generate a strong dynamic password with the push of a button and can hang the device on their key chain.”

For corporate customers Riyad Bank first started with a relative small batch of Digipass 300; today, the bank deploys a similar Digipass device, Digipass 260. Both types of Digipass are protected by a PIN pad, adding an extra built-in layer of security, preventing that any employee in the company could use the Digipass to conduct non-authorized transactions. “Thanks to the PIN pad, our corporate customers have the guarantee that only authorized persons who know the PIN code can make financial transactions,” Rashed Al Othman explains.

Integration of the OneSpan Authentication Server Frameworkwent very swift and smoothly. As the bank previously deployed Digipass 300 devices, the infrastructure was already in place. For the mass roll-out, the bank only had to upgrade the amount of licenses in the administration interface of OneSpan Authentication Server Framework.

Strong Authentication as a Selling Point

Strong authentication has yielded many benefits for Riyad Bank. After implementing strong authentication, the bank noticed an immediate stop of faulty transaction claims. “We regularly received complaints from customers that transactions on their account had been committed by someone else. Our claims department invested quite some time in investigating the legitimacy of transactions. By implementing strong authentication, we didn’t just notice a decrease in those complaints, they actually ceased overnight,” Rashed Al Othman tells us.

The authentication solution also reduced costs in other departments. Where customers previously had to contact the bank’s helpdesk to complete some critical actions such as creating beneficiaries, they can now accomplish this procedure online. Moreover, the bank noticed that its multi-layered security infrastructure boosted customers’ confidence in its online services and helped attracting new customers.

“We’ve noticed that the security we offer our customers, has given us even more of a competitive edge. A lot of people became Riyad Bank customers exactly because we offer convenient and secure online services,” Rashed Al Othman says. “Our customers can conduct their banking affairs online at their own convenience and are ensured they enjoy the highest level of confidentiality.”

Client Overview

Riyad Bank is one of the largest financial institutions in Saudi Arabia with a strong and growing corporate and retail banking franchise. From retail banking to project finance, Riyad Bank is mobilizing its substantial capital base and decades of expertise to further solidify its role in Saudi finance. The bank has emerged as a lead financier, arranging and participating in a flow of syndicated loans in the oil, gas, petrochemicals, power and water sector, including some of the kingdom’s most notable infrastructure and construction projects. Adding to that full service approach which is delivered through an accessible network of more than 200 branches, Internet banking; mobile phone banking services and more than 2,200 multi-function ATMs.