JETSTREAM SECURITY
Jetstream uses 128-bit SSL encryption with industry standard PKI (Public Key Infrastructure). All data transmitted between the customer and Crédit Agricole Corporate and Investment Bank is encrypted.
The software is digitally signed by Crédit Agricole Corporate and Investment Bank to prevent unauthorised tampering so you can be sure that you are using a genuine secure instance of Jetstream.
Microsoft .NET uses the concept of a Code Access Security policy which is a mechanism for maintaining security based on the identity of the code. This offers significantly superior protection to other security models by providing finer granularity of security control.
There are three industry standard categories of authentication:
- Something you know (e.g. a password or PIN)
- Something you have (i.e. a physical device)
- Something you are (e.g. fingerprint or iris scanning)
Industry standard is to use two of these three categories. Crédit Agricole Corporate and Investment Bank has chosen to implement the first two categories, i.e. a PIN and a physical Vasco Digipass device.
Crédit Agricole Corporate and Investment Bank uses Vasco Digipass to provide secure access to Jetstream using a time-based single-use security code and PIN.
Penetration testing was conducted by Information Risk Management plc (IRM), a vendor independent information risk consultancy. All recommendations were implemented.
General
- Jetstream has disaster recovery servers so that the system will continue to operate in the event of any disruption to the physical location of the primary servers.
- Crédit Agricole Corporate and Investment Bank's network is secure and firewalls prevent unauthorised incoming connections from external parties.
