1 CVS

Strong Customer Authentication (SCA)

 

Strong customer authentication is a procedure3factors
based on the use of two or more of the following
elements categorized as knowledge, ownership
and inherence. 

 

 

 

 

 

 

registration step 1

 phone reg 2phone reg 3

 

 

 

bar1

The ability to assert the trustworthiness of a device is vital for addressing mobile transaction security concerns. Binding a user through a known single password to a previously registered device is the first element of the CVS security concept. This is achieved by the combination of user specific data entered during the enrollment for the CVS services. Upon registration for the CVS service, the customer is prompted to insert registration data, predefined by the bank's internal rules and in line with ECB Recommendation No. 6 and No. 8. The enrollment data may include: customer name, mobile phone number, account number and a registration passcode.

 

bar2After this initial step, the user defines the Passphrase or PIN and/or sets his biometric data that he wants to use to sign transactions. The PIN corresponds to element 2 something only the user knows and the biometric data (fingerprint, face recognition) represents element 3 something the user is. This ensures highest flexibility for the bank to define any combination of elements, as per its own risk assessment procedures and in  consideration of ECB Recommendation No. 8, that it may require for the authorization of a financial transaction. It is important to note that the access control (either Passphrase/PIN or Biometric) is created offline on the mobile phone itself. This information is not stored on any host server, and is only known to the user. RSA Keys are used to establish a secure channel between the CVS Host and the application on the smartphone during the initial activation process and for transaction processing.

 

bar3

Once the registration code generated by the application has been received and verified by the host, the corresponding activation code is sent to the phone by SMS. The user enters the activation code to complete the initial activation process. Upon successful activation, the user will be able to login to the application and carry out transactions securely with his identity verified and protected from fraud-after-theft, malware and other cyber threats.

 

For full product information about strong customer authentication please

refer to our product brochure "BGS Customer Cerification System"

 

 

We are using cookies to provide statistics that help us give you the best experience of our site. You can find out more or switch them off if you prefer.