Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Multi-Factor Access Control for Human Resource Services Security

InfoSecurity Europe : 10 March, 2010  (Technical Article)
Jan Valcke of Vasco explains how Digipass can operate as the third authentication factor for use in securing sensitive HR data during payroll processing
See our events guide listing for more details

HR resource services companies offer a complete range of services and products relating to the employment of personnel. With payroll data increasingly being transferred over publicly accessible network as the Internet, many HR services companies are aware of the need for absolute security and confidentiality. Many organizations need to secure the exchange of confidential information over the Internet, so that their clients could use their payroll software packages without worrying about Internet crime

Typically, clients' HR-staff provides HR resource services companies with necessary and confidential data, so they can do the payroll processing for them. But, because the software packages can be used over the Internet, HR services companies need to guarantee an absolutely secure and confidential way of exchanging this information. Besides that, they also need to 'know' who sends them this information, in order to allow them to check whether this person is authorized to do so. Obviously, it is essential that HR services companies find the ideal way to the secure the exchange of this data. The data which HR companies receive from their clients is very confidential and that is why they are also attractive for fraudsters. Strong authentication is the right security path for HR services companies to follow.

With strong authentication, the user has to authenticate themselves through two independent factors:

* Something you know (a password)
* Something you have (a physical device).

This contrasts with traditional password authentication, where the user only needs a static password to identify him self. In many cases, HR resource services companies have decided to work with Vasco's Digipass strong authentication and Vacman Controller.

How does it work?

In theory, a Human Resource Services company assigns a Digipass to everybody who is authorized to use or enter data into the software packages. To login to such a package, the user needs an Internet connection, a username, a PIN code and Digipass. After entering the PIN code (first factor) on the keypad of Digipass (second factor), the device/software generates a unique password. This password needs to be entered into an applet, together with the username, in order to get access to the payroll software.

With a unique password that is generated every 36 seconds, Digipass puts fraudsters out of action. Even if fraudsters can retrieve the password someone used to login, the criminals won't be able to re-use it, as Digipass produces a new password for every login.

Two important factors why Human Resource Services companies opt for Vasco are Vasco's proven track record in the financial world and the ease of use of Digipass. A lot of banks used this security solution, HR resource services companies are reassured of the added value and security of Digipass strong authentication. The easy use of Digipass stimulates its adoption. No technical skills are required to use Digipass. Therefore it is easy to distribute it to all kinds of users.

HR Services companies can also use Digipass not only to secure the input of data by clients, but also for a number of other critical applications. Internally, Digipass can be used for remote access and to connect securely to the corporate network through a VPN connection. Digipass can also be used to give employees secure access to their web mail.

Additionally, in keeping with Access to Work requirements and corporate social responsibilities, companies have to offer blind and visually impaired people the same job opportunities as everyone else. For these employees, companies can opt for Vasco's Digipass 300 Comfort Voice. This way, they can securely access the same applications as other employees can. To assist visually impaired people, Digipass 300 Comfort Voice has extra large buttons and every key press is followed by an acoustic feedback. The calculated unique password is being read by Digipass to the user through a built-in speaker or via a headset. That way the user can insert the password as he or she hears it.

While the secure exchange of confidential data remains a critical concern for HR resource services companies, they can now be assured that with Digipass from Vasco, their clients' confidential data will remain safe.

Vasco is exhibiting at Infosecurity Europe 2010, the No 1 industry event in Europe held on 27th - 29th April in its new venue Earl's Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo