Skip to main content

Architecture for a banking environment

Ensuring authentication is correctly implemented and deployed is very important for any business, but for banking it is critical.  AuthControl Sentry® with risk-based authentication ensures the appropriate level of authentication is requested for access to applications and platforms based on the user’s circumstance.

Authentication for Banking Environments


This page explains how multi-factor authentication can be implemented from an architectural perspective and suggests how the utilisation of varying authentication factors can be matched to corresponding security levels depending upon the request. With a range of authentication factors providing varying degrees of security, it provides administrators with the ability to match each user’s request to ensure the appropriate level of security is provided, for maximum security and efficiency.

Accessing the application

Users typically access the application provided by their bank through the internet, either on their mobile device or their computer’s web browser. The services behind the net banking application typically exist behind several network layers and are load balanced for efficiency and resilience, the user only communicating directly with the very edge of the net banking architecture.

Maximum resilience and expandability

To implement authentication within the banking environment ensuring ultimate resilience, AuthControl Sentry® can be distributed across multiple network layers in a service-oriented architecture performing specific functions only within the relevant network layers or secure zones.

The architecture has the following separate functions:
– Publication/presentation and reverse proxy
– Authentication core
– User self-service
– User synchronisation from existing directory or database
– Static password checking from existing directory or database
– Data storage
– Administration

The machines performing these functions would be clustered via network load balancing, controlling the flow during peak periods. Growth and capacity can be scaled to meet the highest demand.

Multi-factor authentication

Modern banks require privileged escalation for certain actions within the net banking application. One example would be a user sending money to a payee. An existing payee can be done without escalation, but to send money to a new payee would require further stronger authentication.


Architecture for NetBanking

Architecture that can help to withstand both authentication capability and load on the system as it grows and expands.

View the architectural diagram

Authentication flow

The extensive authentication factors available with AuthControl Sentry® can work with a range of account and transactional requests. Check back soon for detail on the full authentication flow.