Implementing Digital Single Sign-On (DSSO): The Pros and Cons

A Digital Single Sign-On (DSSO), despite being complex and expensive to implement, means a better customer experience; one-time customer onboarding, as customer data is collected once; lower IT helpdesk cost, as fewer customers call about forgotten passwords; and more security through the use of a SAML (Security Assertion Markup Language) server.

Thank you for the feedback received after we published part 1, "Is it time for customer Single Sign-on on digital channels". We grouped the feedback queries into 2 categories:

  1. Request for more information about digital single sign-on (DSSO), pros and cons.
  2. Is there a ready fix/solution in case a bank has already invested in different digital solutions from different vendors? How would one handle the different complex algorithms implemented by different vendors?

1. Understanding Digital Single Sign-On (DSSO)

We are limiting ourselves to the extremely sensitive banking sector, where access to files, messages in transit and stored data must be completely guarded.

Using a SAML (Security Assertion Markup Language) server, all these are centrally stored and access is strictly controlled for human and system users.

SAML works by exchanging user information, such as logins, authentication state, identifiers, and other relevant attributes between the identity provider and the service provider.

As a result, it simplifies and secures the authentication process as the user only needs to log in once with a single set of authentication credentials on any device anywhere anytime. 

The use of multi-factor authentication, such as a One-time Password (OTP), TAN (Transaction Authorisation Number) or One-time PIN sent to your phone or email, enables double verification of the customer.

Pros of Digital Single Sign-On (DSSO)

There are many benefits of implementing a Single Sign-on on a bank’s digital channels. Some of these include:

Better customer experience 

Instead of having to maintain and master 4-5 different passwords and PINs, with DSSO the customer maintains only one user name/password.

One-time customer onboarding

It is possible to collect customer data once during onboarding, and the collected data is then accessible to the different digital channel systems. Data integrity is also very easy to manage from a single database.

Saves IT helpdesk cost

Many customers call about forgotten passwords that need to be reset for different digital systems. With one DSSO, users have only one password to remember and manage.

More security

While this may be debatable, it is obvious that a customer who has many passwords to master is likely to be more exposed to fraudsters than one with a single password. The more passwords the customer has to keep, the less complex and the more similar they become. Even if a customer’s credentials are compromised, the SAML server can control this through OTP, limits such as amounts and transaction counts per cycle, multi-channel verification etc.

Cons of Digital Single Sign-On (DSSO)

Complex and expensive to implement

Where a bank has already deployed multiple channels from different vendors, consolidating these under a single SAML server becomes complex and at times expensive. However, this is easy to implement where 1 or 2 vendors have supplied all of the bank's digital banking channels.

One failure, access denied

When only one password is used to access the bank accounts across channels, a customer who forgets it gets completely locked out and can only get assistance through a password reset. This is, however, simplified if the channels offer self-service password reset.

Increased vulnerability

While it may be true that a hacker who obtains this single password can access the account through multiple channels, this is countered by the fact that the SAML server is the single entry point to the channels, so there is no access to the digital channels' backend systems without going through SAML. All access to the digital channels is monitored and tracked to ensure non-abuse.

2. Implementing Digital Single Sign-On (DSSO)

The approach to achieving single customer sign-on may vary between one bank and another. Most banks have at least 3 vendors supplying these digital channels. The fewer the vendors, the less complex it will be to implement a single sign-on for your digital customers.

For a start, it will be necessary to understand the kinds of messaging protocols the vendors have implemented for each of the different digital channel modules.

SAML works by exchanging user information, such as logins, authentication state, identifiers, and other relevant attributes between the identity provider and the service provider.