Morocco’s Bank of Africa BMCE Group accelerates digital banking and meets eIDAS requirements with nCipher HSMs

Bank of Africa operates over 1500 commercial branches in Africa, Europe and Asia. Bank of Africa BMCE Group is majority-owned by Bank of Africa and is the second largest private bank in Morocco. BMCE Group brings strong strategic and operational support to the Bank of Africa Group, as well as direct access to the international market as a result of its presence in Europe and Asia. A major priority for the group is to accelerate digital banking for its customers.

Business challenge

Bank of Africa BMCE Group wanted to deploy a digital banking identity solution that would enhance the customer experience with seamless online account on-boarding and management.

Because of its international reach and strong ties with Europe, the solution needed to comply with the European Union's Electronic Identification, Authentication and Trust Services (eIDAS) regulation. eIDAS applies to government bodies and businesses that provide online services to European citizens, and that recognize or use identities, authentication, or signatures. Its goal is to encourage the creation of a single European market for secure electronic commerce, but it is also being used as a model for electronic identity and trust services regulations in other countries around the world.

In addition, the solution would have to meet the requirements laid out by the Direction Générale de la Sécurité des Systèmes d'Information (DGSSI), the Moroccan authority responsible for computer systems security.

Technical challenge

The eIDAS regulation requires that government and public commercial services recognize standard signature formats and pan-European identities. It applies to many commercial services that require an EU identity, including know your customer in banking, where it is mandatory to identify and verify the identity of the client when opening a bank account.

To comply with eIDAS, Bank of Africa BMCE Group would need to upgrade its customer-facing public key infrastructure (PKI) to include a high-assurance Certificate Authority (CA).

PKI is the foundation that enables the use of technologies, such as digital signatures and encryption, and delivers the elements essential for a secure and trusted business environment for e-commerce. The CA is a core component of the PKI and is responsible for establishing a hierarchical chain of trust. CAs issue the digital credentials used to certify the identity of users and underpin the security of a PKI and the services it supports. CAs therefore can be the focus of sophisticated targeted attacks. To mitigate the risk of attacks against CAs, physical and logical controls as well as hardening mechanisms, such as hardware security modules (HSMs), are used to ensure the integrity of a PKI.

Among the requirements for eIDAS compliance is the use of HSMs that are certified at Common Criteria EAL4+, a widely accepted security standard for cryptographic solutions. According to Mounib Abdelhadi, Chief Information Security Officer, “HSMs are not only essential to eIDAS compliance but also to ensuring secure customer communications with the bank.”

Solution

Working with nCipher’s partner, Oxyliom Identity & Trust Services, BMCE Bank of Africa incorporated nCipher nShield Connect HSMs into their existing PKI, both in the live service and at a second location for high-availability disaster backup. Adding nCipher nShield HSMs to its PKI to secure the most sensitive keys and processes created a root of trust and a high-assurance foundation for BMCE Bank of Africa’s digital banking solution. Among the primary tasks carried out by the HSMs are authenticating devices such as laptops, and generating certificates for customer-signed documents.

nCipher nShield HSMs are hardened, tamper-resistant appliances that perform functions including encryption, digital signing, and cryptographic key generation and protection. nShield HSMs are among the highest-performing, most secure and easy-to-integrate HSM solutions available, facilitating regulatory compliance and delivering the highest levels of data and application security for enterprise, financial and government organizations.

Results

nCipher and Oxyliom were recognized for their roles in enabling the technology behind the Bank of Africa BMCE Group’s digital banking solution at an official key ceremony held in Casablanca. The ceremony marked the official start of the collaboration and publicly affirmed nCipher’s ability to meet the requirements laid out by the Direction Générale de la Sécurité des Systèmes d'Information (DGSSI), as well as international standards, such as eIDAS.

Performance, reliability and protection

Business challenge
  • Deliver a digital identity solution that would enhance the customer experience for online account on-boarding and management
Technology challenge
  • Upgrade existing public key infrastructure (PKI)
  • Create a hardened Certificate Authority (CA)
  • Meet Moroccan government security requirements
  • Meet Common Criteria EAL4+ security standards
  • Achieve eIDAS compliance
Solution
  • nShield Connect HSMs
  • Oxyliom Identity and Trust Services identity management solution