RB Key app by Wultra replaces legacy SMS authorization with biometrics or PIN code authorization in a native mobile app. As a result, customers no longer need to to rewrite one-time passwords, which makes for a better overall experience. Besides the use in internet banking and third-party apps, customers can also use RB Key when withdrawing cash at Raiffeisenbank’s cash desks or when calling the helpline.
The delivery of the RB Key for iOS and Android has been our greatest project yet. We used our cutting-edge security components as the puzzle pieces of a rock-solid mobile authenticator app. At the same time, we leveraged our more than a decade long experience in the app's design to bring Raiffeisenbank customers a fast and beautiful mobile app that improves their experience in digital banking. Here's what makes us the most proud of what we've introduced with RB Key.
Blazing Fast Login and Payment Approval
RB Key uses push notifications to alert the user about login requests or pending payment approvals. The user only needs to open the notification, review the operation, and use a PIN code or biometrics to confirm it (or reject it, in case anything seems fishy). RB Key is significantly faster and more user-friendly than the previous SMS OTP and I-PIN method.
Efficient User Onboarding
There's no point in making an app that nobody will end up using. This is why we made the user onboarding for RB Key simple. Raiffeisenbank customers can onboard the mobile token either via internet banking or by visiting a branch. In both cases, all they need to do is scan an activation QR code and approve the operation with a security element they already have. Fast, simple, and secure!
Recovery of a Lost Device
What happens if a customer loses a device with the RB Key app on it? This was one of the big questions (and concerns) for us to address. In the end, we found the right solution: To help the customer set up the RB Key on a new device, we implemented a secure device recovery mechanism. Users can rewrite the device recovery credentials while onboarding the mobile token or display them at any time in the app settings.
No Internet? No Problem!
In case a customer doesn't have an internet connection, RB Key supports an offline fallback mechanism. Customers can scan a QR code with login or payment details from their internet banking, approve it using a PIN code or biometrics in the RB Key app, and rewrite a 16-digit long authorization code (the same format as a credit card number) from the mobile app back to the internet banking.
The Main Hero: Invisible App Security
RB Key secures every transaction that is approved by the app's user. Every single login or payment request is signed using our strong cryptographic signatures, which leverage the power of the elliptic curve cryptography that is in the core of our own open-source authentication and authorization protocol for banking, PowerAuth. To harden the cryptography and application runtime even further, we've also equipped the mobile app with our industry-leading App Shielding technology.
Exceptional UX
We could have played it safe and designed RB Key to be a mobile app that is “just OK”. Instead, we took it much further and invested extra time and energy into crafting a stunning user interface, further enhancing the design with meaningful user interface animations, haptic feedback, and sounds. Plus, one bonus feature: iOS customers can even choose their preferred app icon.
Thanks to the security components by Wultra, we quickly responded to an increasing threat of mobile malware attacks and hardened our mobile application security.
Tomáš Rosa, Raiffeisenbank
Chief Cryptologist
