Authentication as a process of verifying user's identity is a common way of ensuring secure access to mobile and web applications. As digital banking becomes an important part of people’s lives, it is becoming more and more crucial to make sure that the right person is accessing your app, both on mobile and web channels. Moreover, with the PSD2 legislation, authentication and authorization need to take third parties into account as well. It’s obvious that authentication and authorization of a user accessing a mobile or web app is a security necessity of the utmost importance. Wultra is here to help you with this process.
Different Channels, Different Approaches
There are three ways in which the user’s identity can be verified, dependent on whether they access your mobile banking app, internet banking or, newly with the PSD2 legislation, whether authentication in open banking is required. PSD2, at the same time, tightens up requirements for authentication in general.
01. Mobile Banking
In case of mobile banking, security ensures Wultra Mobile Security Suite, a solution that is built-in in the core of your app. Thanks to this solution, multi-factor authentication of a user and authorization of operations is possible. There are three main factors which are used for verification - knowledge (PIN code), inherence (fingerprint, face ID) and possession (a concrete paired device). Two or more of these ways of user verification done at the same time proves that it’s the right person who is accessing your app and their requirements (payments or anything else) are not fraudulent. Wultra Mobile Security Suite controls app access and cryptographically protects the executed payments, which is a necessary component of the PSD2 compliance with Strong Customer Authentication (SCA).
02. Internet Banking
The solution for authentication in Internet Banking, API banking or trading system is provided by Wultra in the form of Mobile Token. To log in or authorize a payment, the user receives a request from their bank to verify their identity. This verification request is sent via Mobile Token to the end-user’s mobile phone. The identity is then verified through their PIN code or biometrics. This completes the process of authentication and authorization. In addition to that, Mobile Token makes the process of document signing quick and simple. Mobile Token is protected against mobile malware and runtime attacks thanks to the App Shielding technology, a market leading RASP solution. Mobile Token also works without an internet connection thanks to the “off-line mode”.
03. Open Banking
With the PSD2 legislation, it is necessary to authenticate the user’s identity in the world of open banking as well. It is important that the solution meets the Strong Customer Authentication (SCA) requirements. Wultra’s security solution stands in the middle of open API ecosystem of a client’s bank. This solution is highly convenient for the user, since there is just one interface for accessing and verifying the user’s identity when accessing their other bank accounts. To prove one’s identity, either authentication SMS or Mobile Token can be used. After authentication, the access to the user’s other bank account is approved. Wultra Web Authentication is effortless to integrate with open standards and platforms which leads to quick, cheap and effortless security solution for your mobile and internet banking or banking API.