The Karczew Cooperative Bank: Rublon Case Study

Last updated on September 1, 2025

The Karczew Cooperative Bank Secured VPN Access With Rublon MFA

Bank Spoldzielczy w Karczewie (The Karczew Cooperative Bank) had to raise employee security quickly and meet tightening regulations (DORA, NIS2, the Polish KSC Act, and GDPR). Deploying the Rublon MFA platform with Active Directory user synchronization and push authentication for VPN access delivered full regulatory compliance, protected the bank against Account Takeover (ATO) attacks, and streamlined security management.

“The implementation went smoothly and on schedule, largely thanks to the professional technical support from the Rublon team. The process of configuring the solution and integrating it with corporate VPN and Active Directory was well described in the provider’s documentation, which made the project much easier. The system interface proved to be intuitive and friendly to administrators. All encountered challenges were swiftly and effectively resolved. From the customer’s perspective, the implementation can be considered effective, well-planned, and technically uncomplicated.”

Pawel Najsarek

Security Engineer at Ingram Micro, responsible for the implementation of Rublon MFA at the Cooperative Bank in Karczew

Objectives

The Karczew Cooperative Bank wanted to implement strong three-factor authentication in compliance with DORA, NIS2, the KSC Act, and GDPR.

The bank wanted to protect employee logins to the company’s VPN from Account Takeover attacks.

The MFA solution had to be integrated with Active Directory and VPN without requiring additional hardware. It also needed to avoid work disruptions and excessive costs.

Results

Secure VPN access via user-friendly push MFA with an additional biometric check.

Met access protection-related regulatory requirements of DORA, GDPR, NIS2, and the KSC Act.

Daily synchronization with Active Directory eliminates the need for manual creation and updating of user accounts.

Client

Name:
Bank Spoldzielczy w Karczewie (The Karczew Cooperative Bank)

Industry:
Cooperative banking / financial services

Location:
Karczew, Poland

Website:
https://www.bskarczew.pl

Description:
A local cooperative bank affiliated with the BPS Group, offering a full range of financial services to individuals, farmers, SMEs, and local government units; operates several branches in Mazovia and emphasizes close cooperation with the local community.

“The success of the implementation at the Cooperative Bank in Karczew confirmed that Rublon MFA can be implemented quickly and painlessly even in an infrastructure with a high level of complexity. Thanks to a clear administrative console and extensive device self-enrollment features, the bank’s administrators saved a lot of valuable time, while end users gained a simple but secure way to log in. As a result, the bank raised the level of cybersecurity with minimal impact on daily operations.”

Patryk Suchorowski

Head of IT Operations at Rublon

The Challenge

Regulatory Compliance

From 17 January 2025, financial institutions must comply with the Digital Operational Resilience Act (DORA), which mandates strong user authentication. At the same time, the NIS2 Directive extends the MFA requirement to all “essential entities”, and in Poland, it is complemented by the KSC Act. Banks are also bound by GDPR standards.

Robust Protection

The bank wanted to ensure that only authorized employees had access to the data. With the growing number of Account Takeover (ATO) attacks, which according to industry reports have become one of the most common attack vectors, the bank required additional safeguards to reduce risk, satisfy strict information-security demands, and avoid expensive hardware tokens. The bank wanted not two but three authentication factors, that is, three-factor authentication (3FA), to protect VPN access as well as possible.

Easy Deployment and Management

The project had to be completed quickly and on a predictable budget. The solution had to meet all requirements while remaining easy to deploy for administrators and convenient for users. An additional challenge was that the data of users logging into the VPN was stored in Active Directory, so the sought solution had to be able to integrate with this directory service and synchronize users for seamless identity management.

The Solution

The Karczew Cooperative Bank deployed the Rublon MFA platform.

The bank considered various multi-factor authentication providers but ultimately decided on Rublon MFA. They were attracted by the directory synchronization option and the ability to protect VPN access with a convenient and easy-to-use Mobile Push authentication method, whose security was additionally bolstered by a biometric fingerprint check. Compliance with all financial sector regulations was an added advantage of Rublon’s solution.

Cost-Effective Centrally Managed MFA Without Additional Hardware

The bank in Karczew did not have to purchase any additional hardware. The flexible pricing model and low entry threshold made Rublon MFA authentication cost-effective. The bank integrated Rublon’s three-factor authentication with its VPN using the Rublon Authentication Proxy, further securing employee access to the corporate network. The extra login step added by Rublon sends a push notification to the Rublon Authenticator app on the employee’s phone. The fingerprint protection option was enabled in the app, which added a biometric element and thus enabled three-factor authentication (password, push, fingerprint). Mobile Push is a fast and convenient method that allows confirming access with just one touch. It doesn’t slow down work while offering a high level of access security.

Integration With VPN and Synchronization of Users From Active Directory

The bank was using Active Directory as an identity provider. The Rublon MFA platform was integrated with the existing infrastructure, where users logged into the VPN using Active Directory credentials. In addition, the Directory Sync feature was used to synchronize users from Active Directory into the Rublon Admin Console. This synchronization meant that neither manual user enrollment nor step-by-step user registration was necessary, and user onboarding was much faster.

Achieving Compliance With DORA, NIS2, KSC, and GDPR

The introduction of Rublon MFA met the “strong user authentication” requirement of Article 9 of DORA, which is mandatory for financial entities as of January 2025. The use of push notifications as a second factor also met the NIS2 security measures (Article 21.2(d)) mandating the implementation of MFA in essential and important entities. In addition, multi-factor login abides by the “privacy by design” GDPR principle, reducing the risk of unauthorized access to personal data. This allows the bank to present complete MFA logs, policies, and procedures during supervisory audits, documenting compliance with each of the four regulations without involving additional tools or costs.

The Benefits of Implementing Rublon MFA

Full regulatory compliance: Meets DORA Art. 9, NIS2 Art. 21, and KSC MFA requirements while supporting GDPR.

Safeguards against account takeovers: Since enabling MFA, the bank has recorded no successful ATOs; Microsoft statistics show MFA stops 99.9% of such attacks.

Single console, zero overhead: Synchronization with Active Directory removes the need for administrators to manually create accounts; any changes to AD are reflected in Rublon MFA.

Seamless login for employees: Push notification is just one touch; no need to manually enter OTP codes or purchase expensive dongles.

Fixed cost and easy budgeting: A 3-year subscription plan stabilizes operating expenses and simplifies financial planning.

The Outcome

The Cooperative Bank in Karczew wanted to introduce 3FA for its employees’ VPN logins. This choice was dictated by the need to ensure compliance with the DORA regulation and the overall strategy of increasing the level of security while maintaining user convenience. Rublon turned out to be a solution that fits these goals well: it increases security without introducing unnecessary difficulties in everyday work and meets the requirements of Article 9 of DORA.

After implementing Rublon MFA, the bank achieved an immediate increase in cyber resilience in line with the latest EU regulations while maintaining ease of login for employees and minimal maintenance effort for administrators. Thanks to the Rublon MFA platform, the project was quickly completed and secured for the next three years. Due to the positive experience with the implementation of Rublon MFA, the bank may decide to secure more technologies in the future.
