How a Global Banking Giant Implemented QR Codes While Adhering to Stringent Compliance & Security Standards
Our customer, one of the world’s leading financial institutions, needed to implement branded QR codes and short links while upholding rigorous compliance requirements. In an ever-changing security landscape where adaptation is key, BL.INK was able to grow with their needs, provide them with better governance, and give them flexibility for the future.
About Our Customer
Our customer is a multinational financial institution that provides banking solutions for individual customers, businesses, and corporations all over the world. Its services focus on commercial banking, investment banking, and wealth management.
They currently employ around 208,000 people and assist customers through operations in over 35 countries. In the United States alone, 56 million consumers and 3 million small businesses use their online products and services.
The Problem: Managing Short Links and QR Codes Under Strict Compliance Requirements
Being a major bank with millions of users, our customer needed to implement short links and QR codes on everything from ATMs to lobby signage.
The challenge was to accomplish this within the parameters of their stringent security and compliance standards. This proved to be a moving target and one that would require a link management system that could accommodate them on all levels.
Utmost Security = Multi-faceted Measures
In order for this banking industry leader to maintain such high standards of security, they needed a system that could fit in with their proactive approach. What worked one year may no longer be enough the next.
Andy Meadows, BL.INK’s CEO, explains, “Every year, as hackers find new ways, the good guys find new ways to combat the bad guys. So you’re constantly trying to stay ahead of the bad guys.”
Beyond resisting intrusion attempts, they also needed centralized control over who could create and change links, in order to uphold these standards.
They also wanted the peace of mind to know that future changes would be met with adaptability. Since they had been a customer of BL.INK’s since 2010, they knew it would be the right fit.
The Solution: An Accommodative QR Code and Short Link Platform
The task of addressing such an evolving, layered issue wasn’t always easy and required flexible solutions.
Andy says, “The level of complexity and compliance required for our customer is rarely found in our industry.” He explains further, “Because our service is acting on behalf of the bank, we have to maintain the protocols and security processes that the bank requires.”
Since those protocols continuously evolve, BL.INK has subsequently implemented many changes along the way, including incorporating a dedicated infrastructure. In addition, BL.INK also conducts 24/7 monitoring, penetration tests, and regular auditing.
Strict Compliance Requirements
One significant way BL.INK accommodates our customer’s protocol is by using a hardware security module, or HSM, to manage the SSL/TLS certificates for the bank’s branded link domains: the certificate’s private key is held in dedicated, tamper-resistant hardware rather than on a general-purpose server.
Andy elaborates, “Managing SSL certificates in a hardware layer adds a tremendously more complicated and sophisticated way to ensure security because it’s managed with dedicated equipment, machines, and servers. The level of investment that goes into the management of just that certificate, which says we are who we say we are, is significant.”
The HSM-backed certificate is also a defense against QR-code phishing, known as quishing, in which attackers redirect the scan of a seemingly legitimate QR code to a malicious site. “Imagine scanning something on an ATM and then getting routed someplace that looks just like the site, but it’s actually not,” says Andy.
He further describes how the HSM works against quishing, “When we present our link, it is verified through the SSL certificate via the HSM tied to the corporate brand. When you scan that QR code, and you see the domain, then you have trust and confidence that it’s the actual brand.”
The protection rests on the domain: the certificate proves that the site the scan lands on really is the brand’s domain, so a user who checks the domain after scanning can tell a genuine link from a lookalike.
In addition to the hardware layer, BL.INK conducts annual penetration tests and audits, and monitors the customer’s systems around the clock.
Governance & SSO
Compliance is a major factor for our customer but functionality, standardization, and governance must follow. They needed to make sure the tools they were using were the same company-wide.
Standardization especially comes into play when collaborating with outside brands where another company’s logo may be attached to their QR code.
“They can’t just use any QR code system to throw a logo in there, it has to follow all the brand guidelines. We’re able to make sure that anyone can create a branded QR code, but that they’re doing it in a way that’s been approved from a governance standpoint.”
They also must have a checks and balances system for users and access to the BL.INK platform and they do this through Single Sign-On (SSO).
BL.INK supports the bank’s access reviews by providing a report of all platform users, which is reconciled against the bank’s own directory. “So even if somebody has legitimate SSO, but for whatever reason, that account should not exist, it’ll get highlighted in that audit,” says Andy.
Whitelisting Destination URLs
Another feature that adds an extra layer of security within the company is a BL.INK module called “Whitelisting”, an allowlist of approved destination domains, which is available to all enterprise-level customers.
Andy elaborates, “Let’s say that for some reason, somebody logged into their computer, and while they were looking the other way, someone else jumped in and tried to change a link from A to B. What happens in whitelisting is, if destination B is not on the approved list of domains, it will automatically get flagged and frozen until it gets reviewed and approved.”
He continues, “If someone has legitimate access but nefarious intentions, it’s basically a safeguard that keeps them from wreaking havoc.”
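To make the allowlist behaviour concrete, here is an added example of a destination-domain check for a short-link edit. It is not BL.INK’s code; the approved domains, the `examplebank.com` names and the `check_destination`/`apply_link_edit` functions are assumptions for illustration. Beyond the plain “is B on the list” test described above, it also handles the cases an attacker with a valid login would try: a lookalike domain that merely ends in the approved name, a URL that hides the real host behind user credentials, a non-HTTPS or `javascript:` scheme, and a Unicode lookalike host.

```python
"""Destination-URL allowlist check for short-link edits (added example, not BL.INK's code).

A proposed destination is compared against an approved list of domains; anything
off-list is frozen pending review instead of going live, as the article describes.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample allowlist (assumption; not the bank's real list).
APPROVED_DOMAINS = {"examplebank.com", "promo.examplebank.com"}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    host: str = ""


def _normalize_host(host: str) -> str:
    # Lower-case, strip a trailing dot, and convert IDN labels to punycode so a
    # host with a Cyrillic "a" cannot look identical to an approved ASCII name.
    host = host.rstrip(".").lower()
    return host.encode("idna").decode("ascii")


def _host_matches(host: str, approved: str) -> bool:
    # Exact domain, or a subdomain of an approved domain. A bare suffix test
    # would accept "evilexamplebank.com", so require the dot boundary.
    return host == approved or host.endswith("." + approved)


def check_destination(url: str, approved_domains=APPROVED_DOMAINS) -> Decision:
    """Return whether `url` may go live as a short-link destination."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return Decision(False, f"unparseable url: {exc}")

    if parts.scheme != "https":
        return Decision(False, f"scheme {parts.scheme!r} not allowed; https only")

    # "https://examplebank.com@evil.example/" parses with host evil.example and
    # username examplebank.com; reject any URL that carries userinfo at all.
    if parts.username is not None or parts.password is not None:
        return Decision(False, "userinfo in url is not allowed")

    if not parts.hostname:
        return Decision(False, "missing host")

    try:
        host = _normalize_host(parts.hostname)
    except UnicodeError:
        return Decision(False, "invalid idn host")

    approved = {_normalize_host(d) for d in approved_domains}
    if any(_host_matches(host, a) for a in approved):
        return Decision(True, "destination domain is approved", host)
    return Decision(False, "destination domain not on approved list; frozen for review", host)


def apply_link_edit(current: str, proposed: str, approved_domains=APPROVED_DOMAINS) -> dict:
    """Model the edit flow: publish the new destination, or keep the old one live
    and park the proposal for review."""
    decision = check_destination(proposed, approved_domains)
    if decision.allowed:
        return {"live": proposed, "pending_review": None, "reason": decision.reason}
    return {"live": current, "pending_review": proposed, "reason": decision.reason}


if __name__ == "__main__":
    for candidate in (
        "https://www.examplebank.com/offer",
        "https://evilexamplebank.com/offer",
        "https://examplebank.com@evil.example/",
        "http://examplebank.com/",
    ):
        print(candidate, "->", check_destination(candidate).reason)
```

The important design choice is that the old destination stays live while the proposal is frozen: the attacker in Andy’s scenario gains nothing from the attempted edit, and the review queue gives the governance team the record of who tried to point the link where.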
Longevity & Flexibility
With security requirements that can change anytime, our customer needed a platform that would give them long-term flexibility. BL.INK has proved to be ready for any necessary adjustments along the way.
“If you think about what the internet looked like in 2010 versus what it looks like in 2023, security has evolved exponentially. Features and functions have evolved. Utilization has evolved. Software that exists today didn’t exist ten years ago. So our platform has met their needs then but has also evolved to meet their needs today.”
The Takeaway: Link Management with Unmatched Security and Compliance
BL.INK’s willingness to work with complex compliance requirements has been crucial for this banking industry giant. Through the years, we have been able to help them stay one step ahead of security issues by implementing a hardware security module, monitoring functions around the clock, and performing regular penetration tests and audits.
We have also provided this financial institution with the governance, standardization, and support they need to ensure their compliance standards are upheld, even as their protocols change.
BL.INK has been a constant in this global financial company’s security and has given them confidence in the future. See how we can do the same for you.