Mobile Banking Authentication Secures Your App Security Platform While Eliminating the Need for Hardware Tokens Or One-Time Passwords
Entersekt solutions 2015
Account Protection

Mobile Banking authentication

Entersekt’s solution for mobile banking authentication secures your app while eliminating the need for hardware tokens or one-time passwords.

The Entersekt security platform

Our product, Transakt, lies at the center of all of our solutions. Transakt uses industry-standard digital certificates to deliver the strongest possible device identification. These can be combined with a PIN, password, or fingerprint scan to identify the user and enable easy yet secure access to your mobile banking app.

Transakt also creates a secure communication channel between your financial institution and your customers’ mobile devices. This enables you to send real-time requests to your users to authenticate sensitive transactions. Their responses are digitally signed, supporting nonrepudiation, then encrypted and returned.

Because the Transakt channel is truly out of band, Transakt counters all phishing attacks, man-in-the-middle exploits, and other kinds of digital fraud. Your institution retains complete control over user registration, which is independent of mobile networks and SIM cards. If a user’s phone is stolen, the certificate is revoked, immediately rendering the application unusable.

What makes Transakt unique?

Transakt deploys a unique X.509 digital certificate to each mobile device. This robustly identifies the device and creates a secure, mutually authenticated connection between it and the Transakt Secure Gateway – a FIPS 140-2 Level 3 hardware appliance installed behind the bank’s firewall.

Typical implementation

A security token is retrieved from the Transakt Secure Gateway via a completely out-of-band channel. This token is used to authenticate transaction requests originating from the mobile banking app.

[Figure: typical implementation. Components shown: mobile device (mobile banking app, Transakt SDK crypto, phone OS), app server, firewall, Transakt Secure Gateway, and a mutually secured channel using the Entersekt system. Numbered steps: 1 Token request; 2 Token; 3 Application request and token; 4 Internal user verification; 5 Server response.]

Transakt is available as an SDK that integrates with your mobile banking apps for the iOS, Android, BlackBerry, and Windows Phone platforms, as well as feature phones capable of running Java applications.

Multi-factor authentication could not be easier

Instituting multi-factor authentication is vital if you are serious about protecting your customers’ accounts, but many such deployments impact negatively on mobile banking users, who find them a cumbersome impediment to getting the job done. With Transakt, your customer’s mobile device becomes a second factor of authentication – something they possess. They need no additional hardware.

Using multi-factor authentication couldn’t be simpler. When a transaction is initiated, you can opt to push a simple “Accept/Reject” request directly to the user’s mobile device, or you can perform user verification in the background, in a process that is entirely transparent to them. Either way, transactions are digitally signed using the digital certificate unique to the mobile device.

[Figure: Transakt Secure Gateway hardware appliance]

User experience

1. Your customer opens your mobile banking app
2. Depending on your organization’s security policies, a simple PIN, password, or fingerprint scan may be all that is required to access the mobile banking app, because Entersekt’s digital certificate technology has already uniquely identified the mobile device in use
3. The user can now use your app and transact as they normally would
4. For high-risk transactions, a real-time authentication request is pushed to the app via a separate communications channel, requiring the user to make a simple “Accept/Reject” choice

Benefits

• Counters phishing and man-in-the-middle attacks through dynamic certificate pinning
• Enables a bank to provide secure, feature-rich banking through a mobile app without having to sacrifice functionality because of security concerns
• Secures legacy, non-mobile online services too, when used as a multi-factor authentication tool built into the mobile app
• Provides seamless out-of-band, two-factor authentication, including digital transaction signing, without the user having to switch apps
• Establishes an asymmetrically encrypted communication channel between your enterprise and each end user, which no third party, including Entersekt, can access
• Requires no change in user behaviour, and no additional devices

Features

• Installs a unique industry-standard (X.509) digital certificate on the mobile device, providing the strongest form of mobile device identity, entirely transparently
• Encrypts communication across all IP-based data bearers (Wi-Fi, GPRS, 3G, 4G, CDMA, UMTS, LTE) using the Transakt SDK’s self-contained cryptographic stack
• Deploys as a powerful SDK with a well-defined application programming interface for tailoring functionality and customizing the design
• Works on iOS, Android, BlackBerry, Windows Phone, and feature phones capable of running Java applications

Act now

You can’t afford to wait. Visit www.entersekt.com or email [email protected] to find out more about Entersekt’s unique approach.

South Africa: Capital Place, Neutron Avenue, Technopark, Stellenbosch. +27 21 815 2800
USA: Tower Place 100, Suite 620, 3340 Peachtree Road NE, Atlanta, GA 30326. +1 404 698 1001
Netherlands: Kingsfordweg 151, 1043 GR Amsterdam, Netherlands. +44 207 193 5966

Copyright © 2015 Entersekt. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. ENTERSEKT-40-1026.