×

Bankdata achieves an improved, modernized identity infrastructure with the Curity Identity Server

Bankdata was founded in 1966 and is today a modern IT company with 700 employees. Bankdata is owned by 9 Danish banks, who are also their customers. The banks participate actively in the planning and development of Bankdata's activities. They provide complete IT solutions for the financial sector, including the development of network and mobile banking, credit and advisory tools, support and security.

Challenge

Bankdata contacted Curity for a couple of reasons. They wanted to modernize their banking information technology, they also needed to comply with changing regulations, such as PSD2 and GDPR. The company had begun using APIs in their mobile app but could foresee the need for more APIs over time.

All of these requirements drove Bankdata’s need for an Identity Management System (IMS) and an API Management System (AMS) that worked in tandem to solve their current and expected future use cases. Initially, they had procured and deployed a product to serve as the AMS. However, they still needed an IMS that could meet their login and token issuance demands.

Solution

Their demands were high due to the need to deliver banking-grade security. These requirements were satisfied by the Curity Identity Server which included the features necessary to deliver this high bar of safety.

In particular, Bankdata was able to leverage the PKCS#11 support to sign JSON Web Tokens (JWT) with keys stored in a Hardware Security Module (HSM). They were also able to use many of the features which the Curity Identity Server supports to comply with the Financial-grade API (FAPI) specification, like certificate-constrained access tokens, mutual TLS for client authentication, and signed request objects.

Additionally, Bankdata took advantage of the Dynamic Client Registration (DCR) capabilities of the product to create a more dynamic environment that required less centralized management. On the point of manageability, Bankdata’s DevOps team utilized the Curity Identity Server’s RESTCONF API and related features to create a Continuous Integration and Continuous Delivery (CI/CD) process that allowed them to manage configuration as code.

Result

The result was an improved, modernized identity infrastructure. This new IMS worked in tandem with Apigee, the commercial API management product they had previously selected. Similarly, they were able to reuse their HSM from their preferred vendor using a standards-based integration.

Very importantly, they also were able to comply with new PSD2 and GDPR regulations in a safe way using a commercial off-the-shelf (COTS) product. This greatly reduced their development, and maintain efforts, helping ensure that the new platform remains modern and adaptive over the long-term.

We’re really pleased to have achieved an infrastructure that not only help us comply with regulation now, but that we can scale and adapt to suit future requirements, and new legal demands as they come, without the need to rip out and replace.
Michael Lind Mortensen

Michael Lind Mortensen - Lead Domain Architect at Bankdata


Trusted by Many

The Curity Identity Server is used by organizations across all industries to provide secure access to data to millions of users. Here are some examples of our valued customers:

Com Hem
Eon
Bisnode
Entercard
Collector Bank
Shell Energy
Karhoo
Kindred
Tele2
Region Östergotland
ATG
Volvo Cars
BankData
KGH
Scandic
Axis