Strong Customer Authentication

Customer Verification System (CVS)

Recent fraudulent attacks have proven that PIN and password are not providing the level of security that is required to securely conduct the exchange of sensitive data. In addition to that also the telecommunication infrastructure has revealed vulnerabilities which have already been a backdoor for misuse of SMS based Transaction Codes. On the other hand biometric authentication is very well accepted by the users of mobile applications and considered as ideal securitization by banks and regulators. BGS Customer Verification System makes use of this fit and offers the next level of security for electronic transactions.


BGS is one of the first solution providers to offer a cost-effective, simple-to-implement solution specifically designed to establish an extra layer of trust between a bank and its clients, especially in relation to the trust in the identity of the client. The underlying objectives in designing the solution were ease of implementation and management, requiring limited operational support and being highly adaptable to address new threats.

 

Slide background

Strong Customer Authentication
is a procedure based on the use
of two or more of the following elements
categorized as knowledge, ownership and inherence.

 

Unique Password Protection

Binding a customer to a previously registered mobile device is the first element of the CVS security concept. After that, the user defines the Passphrase or PIN and/or sets his biometric data that he wants to use for authentication. This information is not stored anywhere in the system or on the host server. It is only known to the user.

RSA Keys are used to establish a secure channel between the CVS Host and the application on the smartphone during the initial activation process and for transaction processing The multilayer encryption methodology protects the communication between bank and customer from all kinds of threats such as fraud-after-theft, hacking, malware, Man-in-the-middle, and all known SSL weaknesses.

Easy SDK integration

The Customer Verification System comes as a SDK for seamless integration with existing banking apps. The back-end is a Enrolment- and Authentication Host, which generates and encrypts keys via a Hardware Security Module (HSM) for protection of sensitive data. The convenience of use and the various use cases made it an immediate success in our first implementation at VTB Bank, the second largest bank in Russia, with about 500,000 users enrolled to the service.

Slide background

1.125,00

Massive Fraud in Card Not Present

With €958 million in fraud losses in 2013, CNP fraud was not only the largest category of fraud in absolute value but, unlike ATM and POS fraud, also the only one recording an increase compared with the previous year, with growth of 20.6% from 2012 (ECB: Fourth report on card fraud, July 2015). On 12 January 2016, Directive (EU) 2015/2366 on payment services in the internal market (PSD2) entered into force in the European Union, and it will apply from 13 January 2018. Among others, the main objectives of this legal framework are stated as: Security of electronic payments is fundamental for ensuring the protection of users and the development of a sound environment for e-commerce. All payment services offered electronically should be carried out in a secure manner, adopting technologies able to guarantee the safe authentication of the user and to reduce, to the maximum extent possible, the risk of fraud.

Related Downloads

 Customer Verification System  Mobile Payment Suite  Wallet Solutions
 Customer Verification System  Mobile Payment Suite Wallet Solutions 

We are using cookies to provide statistics that help us give you the best experience of our site. You can find out more or switch them off if you prefer.