Business Objectives and Challenges
Entercard is committed to providing top-tier financial services and solutions. To support this commitment, they embarked on a journey to transform the digital security infrastructure. Entercard faced the challenge of modernizing its architecture to a microservices-based one. This strategic shift was essential to comply with the European Union’s Payment Services Directive (PSD2) regulation that requires strict security measures for electronic payment and consumer financial data handling. Entercard was looking for ways to implement a more secure, efficient authentication and authorization flow leveraging open standards such as OAuth and OpenID Connect. This initiative aimed to serve its expanding customer base better, adhere to evolving European Economic Area (EEA) regulations and level up the security of their systems.
Selection and Solution
In the process of selecting the best solution, many of the evaluated options fell short of providing the necessary support for industry standards and the security requirements essential for a modern microservices architecture. The Curity Identity Server's powerful capabilities made it an obvious standout. The Curity Token Service, for example, enables distributed authorization with authentication flows customized to each type of client. Plus, the Curity Authentication Service centralizes authentication. This capability removes the burden of user identification from the app level for better agility, scalability and adaptability.
Results
As Entercard transitioned to a microservice-based architecture, the next step was establishing powerful and flexible security and access around it. As a result, Entercard set up strong, PSD2-compliant authentication and authorization flows, established easy signing of third-party vendors connecting to their systems and achieved zero-trust with Curity's token-based architecture approach. The flexibility of the Curity product allowed for smooth integrations and customized implementations, addressing specific needs like token caching for enhanced performance.
“Great support and excellent cooperation. All the learning resources, training opportunities, and support make working with the product and identity easier." - Joar Dahlen, Product Owner
The Entercard team highly values Curity's competence, support, and guidance, which played a pivotal role in enabling them to establish robust systems, ensuring the utmost security for their services. Entercard also appreciates Curity’s commitment to introducing new features for increased security in every product release. They have plans to expand their use of Curity. For instance, the team is working to provide a more streamlined login experience for end users, and they feel confident that with an extensive set of Curity features and support from the Professional Service Team, they can implement any future projects.
