Xact Web Portal: Security configuration compliance and decommissioning of smartcards
Clearstream Banking1 informs customers that effective
21 November 2022
it will phase out the smartcards on Xact Web Portal progressively until the end of the year. These will be replaced with the webcrypto certificates already in use by all Xact Web Portal users. In addition, the option to secure the user access by a mobile authenticator app has been made available to all users.
In this context, Clearstream Banking would like to remind all Singapore customers who are regulated by the MAS to ensure their compliance with the Technology Risk Management Guidelines – January 2021 with regard to their setup and use of the Xact Web Portal.
Two Organisation Unit configuration options
The following two Organisation Unit configuration options are available and can be requested by the customer to be adopted accordingly:
1. Multifactor authentication:
- Two Factors (default setting):
- User password;
- Webcrypto certificate (soft token).
- Three Factors:
- User password;
- Webcrypto certificate (soft token);
- Mobile authenticator app.
Customers should also take into account the protection of the device (for example, storage encryption, multifactor login and other security controls) pertaining to the use of, and access to, information assets.
2. Two or four-eyes configuration on the following services in Xact Web Portal:
- User management;
- Securities services;
- Cash services;
- Custody services;
- Collateral management;
- Report management;
- Message exchange.
Note: The settings are not enforced by Clearstream Banking and it is the responsibility of the financial institution to ensure it is compliant with regulatory expectations.
Clearstream Banking strongly recommends that all customers configure their Organisation Unit with third factor authentication and four-eyes configuration across all services to achieve the highest level of security and compliance.
Further information
The Xact Web Portal User Manual will be updated with information on third factor authentication in the coming weeks.
For further information, please contact the Clearstream Connectivity Helpdesk or your Relationship Officer.
------------------------------------------
1. Clearstream Banking refers collectively to Clearstream Banking S.A., registered office at 42, avenue John F. Kennedy, L-1855 Luxembourg, and registered with the Luxembourg Trade and Companies Register under number B-9248, and Clearstream Banking AG, registered office at 61, Mergenthalerallee, 65760 Eschborn, Germany and registered in Register B of the Amtsgericht Frankfurt am Main, Germany under number HRB 7500.