Banks and fintechs are at the vanguard of fraud protection, keen to keep the wheels of commerce turning while innovating to maintain the interest of their digitally savvy customers and ensuring that security remain robust, seamless, and easy to use. But how do you ensure your brand can keep up with the speed of the latest security tech?
Some companies are looking at the experience in Brazil to catch a glimpse of what they can learn.
Digio is a bantech that is becoming a leader in deploying strong, user-friendly security services into their financial platform. The digital bank is owned by one of the largest Brazilian bank: Bradesco. And its digital first approach is based on offering virtual credit cards and digital account services through a mobile app.
Digio breaks new ground
Digio’s passion for technology helps them achieve their aim of securing their digital banking services while still providing a frictionless user experience to all their customers.
Digio needed a partner that could:
- optimise security costs
- provide a scalable solution to support their aggressive growth plans
- offer a flexible pay-as-you-grow business model
- deliver all of these options with a fast time to market.
Digio is continuing on its bantech journey, which began with the launch of its popular credit card a few years ago and has progressed to the unveiling of digital bank accounts in early 2020. It is extending its portfolio with secure access to services to ensure all customers are confident that their money is safe. This is being achieved by deploying a mobile token solution which is both cost effective and very secure.
Let’s dig deeper into the solution it selected:
Cracking the user experience challenge
Fintech companies know that delivering a good user experience is vital and the approach that Digio is taking could provide a business model. It is ensuring access to its mobile app while continuing to provide the best possible user experience for its sophisticated digital native customer base. To achieve this, Digio is working with Thales to implement Gemalto IdCloud, a cloud-based strong customer authentication service that covers its bantech needs in terms of device binding, secure access, transaction signature and secure storage.
This solution offers high levels of flexibility, a speedy time to market for new services and the ability to scale rapidly.
Trust in Thales
Digio uses strong customer authentication (SCA) for login to its mobile app. Account takeover (ATO) is prevented through device binding.
The first time a user signs up for the service, device provisioning is triggered to securely bind the device to the user.
Every subsequent time the user attempts to access the app, Gemalto Mobile Protector SDK generates a unique cryptographic signature that is sent to the backend where it is validated to give the user access to the service. This process is completely transparent to the end user, so they can enjoy frictionless yet secure authentication when their device is recognised and approved.
Gemalto IdCloud enables financial institutions to secure the lifecycle of their digital banking services by combining identity proofing and identity affirmation services to secure onboarding and strong customer authentication (SCA) and risk based authentication (RBA) services to secure access. It minimises friction to deliver a first-class digital customer journey and is all carried out with one single platform.
Gemalto Mobile Protector is the Mobile SDK for Android and iOS that pairs with Gemalto IdCloud to deliver strong customer authentication (SCA) leveraging device-native fingerprint and facial biometrics, exposing a simple API to ease developer’s integration into the FI´s mobile apps. It integrates a combination of security mechanisms, such as code obfuscation, encryption, key protection mechanisms with key management, device binding, and root and jailbreaking detection. It turns the user´s smart phone into a highly secured personal device to enable secure access to the bank’s digital services as well as secure confirmation of transactions.
Gemalto Mobile Protector
Secure online transactions with your smartphoneGemalto Mobile Protector [PDF - 641 kb]
Thales Gemalto IdCloud
One cloud platform to secure the digital banking journeyGemalto IdCloud [PDF - 1mb]
Digio opts for cloud
Choosing a solution based on cloud services is a no-brainer for Digio as a digital-only bank focused on using the latest technologies. With a cloud model it can avoid a big initial infrastructure investment and be sure that it is in control of its costs with a pay per use approach. Integration is smooth, thanks to an API which is described in detail on the developer portal for its in-house team. Thanks to the cloud approach Digio can easily add other services whenever its needs change in the future.
What makes a good partner?
Thales is meeting Digio´s demanding requirements in terms of security, flexibility and delivery. As Marcelo Scarpa, Executive Director at Digio says:
Digio’s desire is to always offer an amazing and secure journey to our clients. It has been a pleasure working with Thales. Even though Thales is a global player it has a clear local presence. I feel confident that we are engaged in a long-term partnership that offers a clear roadmap that is not only flexible and easy to work with but also brings good support from local technical consultants who are easing the integration of the solution at our bantech.