In financial institutions, there are normally two types of systems: informational and transactional.

Informational systems provide information to the end user, but do not allow the end user to alter the state of any piece of data. Accounts or passwords to informational systems (e.g., newspapers or research sources) are often shared between company staff.

Transactional systems allow the end user to alter the state of the data. For example: create and send an email, initiate a wire transfer, create and send an instant message, initiate a trade, or change a credit score.

In transactional systems, it is imperative that you can prove that a particular transaction was initiated by a particular individual. With that proof, the individual cannot later deny having initiated the transaction.

This property of transactional data is called NON-REPUDIATION.

In order to provide non-repudiation, enforcing the separation of privileges is paramount. A component of privilege separation is the requirement to NOT SHARE PASSWORDS among ANY of the system users, including between end users and administrators.

Instances of administrative abuse or even collusion between privileged and non-privileged users are common enough occurrences and pose a significant risk to the confidentiality, integrity, and availability of data within these transactional systems.

To avoid potential abuse or loss of security, system account provisioning is necessary. RoboForm for Business directly addresses this need by providing permission role separation. Such account provisioning allows for end-to-end password anonymity. Administrators can generate and share passwords without ever seeing or knowing the passwords themselves. The password maintains its anonymity even when accessed by the user. The user can log in using the credential, but its characters remain hidden, appearing only as black circles or asterisks. When utilized, such permission role separation ensures non-repudiation while maintaining all existing benefits of RoboForm for Business.

Financial institutions looking to satisfy non-repudiation compliance can do so by adopting and implementing system account provisioning, made easily available through RoboForm for Business.

Posted by Stanko Tomic

RoboForm for Business Solution Manager