Press Release

HDFC Bank Teams with RSA to Help Secure Customers Against Latest Online Threats

RSA® Adaptive Authentication, RSA FraudActionSM Service and RSA eFraudNetworkSM Community from EMC’s Security Division Provide HDFC Bank with Defense-in-Depth to Protect Online Identities and Assets

BEDFORD, Mass., June 25, 2009 - 

RSA, The Security Division of EMC (NYSE: EMC) announced that HDFC Bank, one of India's premier financial institutions, has successfully implemented layered components of the RSA® Identity Protection and Verification Suite to provide a comprehensive fraud prevention platform that has protected the bank and its customers from ever-advancing online threats. The bank's implementation of RSA® Adaptive Authentication, RSA FraudActionSM service and participation in the RSA eFraudNetworkTM community has helped increase customer confidence, accelerate enhanced online banking features, and significantly reduce phishing attacks.

"Online fraud is a significant threat to organizations and consumers all over the world – and phishing, pharming and Trojan attacks are increasing in India as online banking becomes more popular. Our customers are also aware of these threats, so we needed to ensure we could offer them a secured platform that can protect their personal credentials and financial assets," said Vishal Salvi, Chief Information Security Officer, HDFC Bank. "Customer satisfaction is our top priority and RSA provided us with the necessary balance of online security and user convenience."

Salvi continued, "We had anticipated a slight drop in the number of customers using online banking services as they got used to the new security measures such as site-to-user authentication, but we didn't see this at all. As a result, our customers have been able to reap the benefits of better security with no impact on their online experience. The fraud prevention platform from RSA has been so effective that the bank has already seen a significant reduction in phishing attacks. And when online attacks are instigated against the bank, RSA is able to quickly respond and shut them down in about five to seven hours to greatly minimize their impact."

HDFC Bank has implemented RSA Adaptive Authentication that includes the visible component of site-to-user authentication to provide its customers with convenient online protection through the use of a personal security image and caption to verify the legitimacy of the bank's website. RSA Adaptive Authentication is designed to help provide HDFC Bank with behind-the-scenes security measures using risk indicators tracked by the RSA® Risk Engine that include device identification, behavioral profiling and fraud data from the RSA eFraudNetwork community. In the case of high risk and potential fraud scenarios, HDFC Bank customers are authenticated with challenge questions and out-of-band phone calls to both confirm their transactions and help prevent malware from compromising transactions.

HDFC Bank has also deployed the RSA FraudAction service that is designed to detect, track and shut down phishing, pharming and Trojan attacks perpetrated by online fraudsters. The RSA FraudAction service has shut down more than 150,000 illicit web sites across 140 countries to date. Its fraud analysts operate from the RSA® Anti-Fraud Command Center and work 24x7 to shut down web sites hosting online attacks, deploy countermeasures, and conduct extensive forensic work – reducing the average lifetime of an online attack

"We were impressed by the solution offered by RSA. As hosted services, RSA FraudAction and RSA Adaptive Authentication were very simple to integrate into our existing infrastructure and were deployed quickly with a minimum investment in resources. This compelling cost effectiveness of the solution was very important to us," said Salvi. "Furthermore, because they are hosted and API-based, RSA Adaptive Authentication and RSA FraudAction have accelerated the route to market for our enhanced online banking security features – which was much simpler than developing anything like this in our own data center."

The bank also joined the RSA eFraudNetwork community, the industry's first and largest cross-institution, cross-platform online fraud network dedicated to sharing and disseminating real-time information on fraudulent activity. The members include thousands of the world's leading financial institutions, credit and debit card issuers, regional banks and credit unions, major ISPs, health insurers, government agencies and other organizations. The RSA eFraudNetwork community identifies and tracks fraudster profiles, patterns, and behaviors on a 24x7 basis. When an attack is detected against a network member and an active fraud pattern is identified, the fraud data is securely disseminated to all network members, providing protection against the most current online attacks.

Having successfully deployed the layered platform from RSA to combat fraud against online transactions, the bank's next project is to extend this protection to customers' credit and debit card payments. Over time, HDFC Bank is also considering introducing additional security features for its users including the RSA SecurID® two-factor authentication system.

"Our measured success at HDFC Bank reflects our proven abilities in protecting against the continuous advancements in online fraud and identity impersonation, as well as our ability to deliver value to our customers that reduces related losses," said Amuleek Bijral, Country Manager, RSA India and SAARC. "We are proud to team with HDFC Bank to boost both the security of its Internet banking systems and the confidence of its customers who now have visible assurances that their identities and assets are more secure."

About the RSA Identity Protection and Verification Suite

The RSA Identity Protection and Verification Suite offers one of the most complete and innovative portfolios of strong authentication and anti-fraud technologies, and is engineered to protect organizations and their online users against the latest external threats. It is a complete Software-as-a-Service (SaaS) portfolio that is designed to increase activity in online and remote transactions, inspire user confidence, and reduce fraud losses and related costs. The RSA Identity Protection and Verification Suite leverages RSA’s expertise in fraud analysis, fraud forensics, and fraud modeling, and it includes the following components:

  • RSA® Adaptive Authentication, a risk-based authentication and fraud detection platform used by more than 8,000 organizations in ten countries, authenticating over 225 million users through risk indicators powered by the RSA® Risk Engine, such as device identification, geo-location, behavioral profiling, and fraud data from the RSA eFraudNetwork community.
  • RSA FraudActionSM, a 24x7 service designed to detect, track, block, and shut down phishing, pharming and Trojan attacks perpetrated by online fraudsters. It has shut down more than 150,000 illicit web sites across 140 countries to date, protecting more than 320 organizations. Its fraud analysts operate from the RSA® Anti-Fraud Command Center to shut down hosted online attacks, deploy countermeasures, and conduct extensive forensic work to reduce the average lifetime of an online attack.
  • RSA® Identity Verification, a knowledge-based authentication system that assures and confirms user identities in real-time by presenting a series of top-of-mind questions utilizing relevant facts obtained from dozens of public and commercial record databases It is used by more than 140 organizations in the financial, telecommunications, insurance, and healthcare industries.
  • RSA® Transaction Monitoring, an online fraud detection and management system that detects, flags, and investigates high-risk activities. Its RSA Risk Engine evaluates each online activity in real-time and generates a unique risk score that reduces fraud.
  • RSA® Adaptive Authentication for eCommerce, a secure framework for cardholder protection and fraud management. It has authenticated over 20 billion transactions via a range of authentication and card security products, including Verified by Visa®, MasterCard SecureCode™ and JCB J/Secure™.
  • The RSA eFraudNetworkSM cross-institution, cross-platform, online fraud network community dedicated to sharing and disseminating information on fraudulent activity.
About HDFC Bank

Promoted in 1995 by Housing Development Finance Corporation (HDFC), India's leading housing finance company, HDFC Bank is one of India's premier banks providing a wide range of financial products and services to its over 15 million customers across hundreds of Indian cities using multiple distribution channels including a pan-India network of branches, ATMs, phone banking, net banking and mobile banking. Within a relatively short span of time, the bank has emerged as a leading player in retail banking, wholesale banking, and treasury operations, its three principal business segments. The bank's competitive strength clearly lies in the use of technology and the ability to deliver world-class service with rapid response time. Over the last 13 years, the bank has successfully gained market share in its target customer franchises while maintaining healthy profitability and asset quality. For more information please visit:

About EMC

RSA, The Security Division of EMC, is the expert in information-centric security, enabling the protection of information throughout its lifecycle. RSA enables customers to cost-effectively secure critical information assets and online identities wherever they live and at every step of the way, and manage security information and events to ease the burden of compliance.

RSA offers industry-leading solutions in identity assurance & access control, data loss prevention & encryption, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit and

Press Contacts

David Seuss
RSA, The Security Division of EMC

Alison Parker
OutCast Communications

RSA, SecurID, FraudAction and eFraudNetwork are either registered trademarks or trademarks of RSA Security, Inc. in the U.S. and/or other countries, and FraudAction is a registered service mark of RSA Security Inc. in the U.S. and/or other countries EMC is a registered trademark of EMC Corporation. Verified by Visa is a registered trademark of Visa Inc. in the United States and other countries. MasterCard and SecureCode are registered trademarks of MasterCard Worldwide or its subsidiaries in the United States. J/Secure is a registered trademark of JCB in the United States and other countries. All other trade names and trademarks are the property of their respective holders.

This release contains "forward-looking statements" as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) adverse changes in general economic or market conditions; (ii) delays or reductions in information technology spending; (iii) our ability to protect our proprietary technology; (iv) risks associated with managing the growth of our business, including risks associated with acquisitions and investments and the challenges and costs of integration, restructuring and achieving anticipated synergies; (v) competitive factors, including but not limited to pricing pressures and new product introductions; (vi) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (viii) component and product quality and availability; (viii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (ix) insufficient, excess or obsolete inventory; (x) war or acts of terrorism; (xi) the ability to attract and retain highly qualified employees; (xii) fluctuating currency exchange rates; (xiv) litigation that we may be involved in; and (xiii) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC Corporation, the parent company of RSA, with the U.S. Securities and Exchange Commission. EMC and RSA disclaim any obligation to update any such forward-looking statements after the date of this release.