Due to heightened security concerns, web applications and websites having their own Identity Management, such as register pages, profile and password management, or even one’s own email notification process, are no longer considered “advanced”. When undertaking an Identity Management implementation, cyber-attacks, website security, reputational risk, data theft and GDPR implications all come into focus. For instance, keying in the same password across websites is a common habit among users, albeit not a good one, and therefore, a data leak from one website can expose other website account credentials.
As part of the Malta Financial Services Authority’s continuous investment in technology, the Authority has implemented a multi-factor authentication facility for the Trusts Ultimate Beneficial Ownership Register (TUBOR) platform, which will also shortly be rolled out for the Licence Holder Portal. The new authentication scheme is based on the flagship cloud identity service developed by a leading global technology company and allows organisations to provide a secure, cloud-based identity management platform to externally facing consumers who are granted access to web and mobile applications. Organisations can control how consumers sign-up, sign-in and manage profiles. Additionally, their identities are maintained independently of internally implemented corporate identities for added security.
The work carried out by the Authority consisted of making use of this Identity Management framework, while maintaining a good user experience. In the background, users access TUBOR via their browsers and are seamlessly redirected to the platform’s login page. At this point, users register or sign-in with their account, like with any other website login. First time users must verify their email address, whereas for logging in on subsequent visits they would use the authenticator app found on all leading mobile application stores.
With the implementation of this added layer of security, the MFSA is protecting its resources from malicious or accidental harm and minimising data theft, while shielding users of its online services from identity theft. This technological facility is also intended to streamline website access. Eventually, consumers, practitioners and industry officers using different online services developed by the MFSA, will only require one username and password, together with the authentication code generated through the authenticator app on their smart phones.
For a user guide and instructional video about the enhanced security feature and how it can be used to access TUBOR, visit the MFSA’s website on: https://www.mfsa.mt/firms/conduct-supervision/trustees-other-fiduciaries/tubor/
Jacques Mizzi, Deputy Head, Information Systems – Technology, MFSA