Mobile authentication to secure all digital channels
The mobile is shaking the entire financial ecosystem, constantly raising consumer expectations to do all their banking on the go. The digital banking app has been the new branch.
Financial institutions must guarantee that they have the necessary security schemes in place to protect these services.
There's more.
They must ensure these implementations comply with ever stricter regulations, such as the EU Payments Services Directive (PSD2) or FFIEC in the U.S.
They are facing increasing cyber-attacks, calling for higher levels of security.
Read more on strong customer authentication
Next-gen security for new-gen services
Reports from security specialists confirm that mobile malware is on the rise in both numbers and sophistication year after year.
As seen in Kaspersky's threats evolution report, the first half of 2020 saw a huge increase in mobile banking Trojans as fraudsters are taking advantage of the coronavirus pandemic to target this channel.
After the wave of infamous SMS malware (like Eurograbber), which forwards to hackers the OPT (one-time password) received to validate transactions, fraudsters now try to disguise themselves as genuine bank applications to collect card details and online users' credentials (HWorm, Houdini).
To counter these threats, field-proven, robust, and flexible authentication solutions are essential.
Secure online banking transactions.
Thales Gemalto Mobile Authentication Suite helps banks address all these challenges.
The suite:
- Provides state-of-the-art security to the mobile channel
- Allows all other transaction channels to be secured with the mobile
- Adds biometric authentication for unmatched convenience and the right level of trust required for digital financial services.
- 1. Thales Gemalto Mobile Protector: a mobile security and multi-factor authentication SDK
- 2. Thales Gemalto Mobile Messenger: an Out-of-Band messaging server and mobile SDK
Multi-factor authentication, including biometrics
Gemalto Mobile Protector is a Software Development Kit providing APIs to implement multi-factor authentication and mitigate against malware attacks easily. It offers three layers of authentication:
- What I have: the first layer of authentication in the form of device binding, which consists of strongly linking the registered mobile device to a specific user account.
- What I know: It's the classic PIN code. This knowledge factor provides an additional security layer and is used as the backup and root security for the other authentication factors. The solution includes a built-in randomised secure PIN pad to defeat attacks such as key loggers.
- What I am: The third layer is composed of biometric factors, including fingerprint and facial recognition. Biometric authentication is convenient since it eliminates the need to use PIN codes repeatedly.
One-stop-shop authentication device
Banking customers often use their mobile banking applications as the primary channel and switch to the computer or tablet for more complex tasks. Financial institutions can embrace this behaviour by making the mobile the central hub for functionality and security.
In other words, FIs can provide a much more fluid experience.
Gemalto Mobile Messenger enables this seamless experience by ensuring that the mobile can authenticate all channels. Your customers can then use the motheire, tablet, or computer to perform their banking operations, using their mobile phone as their one-stop authentication device.
Gemalto Mobile Messenger includes an advanced Out-of-Band messaging server and mobile SDK to send and receive messages, including authentication requests and transaction verifications, to targeted groups or individuals.
It creates a secure channel between the FI's information/authentication systems and the mobile app. All communication is encrypted and signed.
More information on these software modules is available on the pages below.
Over 100 financial institutions use our mobile authentication suite.
Gemalto Mobile Authentication Suite is already used by more than 100 FIs worldwide to secure their financial services: mobile banking, mobile wallet and payment, digital banking, eCommerce, card management, P2P money transfers, and cardless ATM, to name a few use cases!
What customers are saying
Elena Degteva, Head of Remote Banking Services Department, VTB24, Russia
Jorge Krug, IT Security Superintendent, Banrisul, Brazil
Thales is your trusted partner.
From strong user authentication to transaction signing and risk management, we're here to help you create a remarkable customer experience and develop innovative payment services for corporate banking, digital banking, and eCommerce use cases.
Corporate banking
We help banks deploy more robust and secure solutions for corporate use cases such as 3FA (three-factor authentication) devices and WYSIWYS (what you see is what you sign) methods.
Retail banking
Our solutions allow retail banks to balance user convenience and security across all digital channels and use cases.
eCommerce
With our eCommerce solutions, banks can mitigate online fraud (card-not-present in particular) without impacting the existing payment infrastructure or the user experience.
Mobile authentication in the cloud
Our mobile authentication solutions can be integrated on-premises or as a cloud-based managed service. By moving to the cloud, you can deploy the same security and convenience for your digital services in a much faster, flexible, and cost-efficient manner. Read more about the authentication cloud services that are part of Gemalto IdCloud, the platform to secure onboarding and access to digital banking services.
More resources on mobile authentication
- Thales Gemalto Mobile Protector
- Thales Gemalto Mobile Messenger
- Thales Gemalto IdCloud
- Strong customer authentication to secure access to digital banking
Download
Thales Gemalto Mobile Secure Messenger
Secure your online and mobile channels with your mobile phone
Gemalto Mobile Secure Messenger [PDF - 1.2mb]Gemalto Mobile Protector
Secure online transactions with your smartphone
Gemalto Mobile Protector [PDF - 641 kb]Thales Gemalto IdCloud for Access
Cloud based strong customer authentication and flexible risk management to secure access to digital banking services
Gemalto IdCloud for Access [PDF - 2 mb]How to analyse PSD2 RTS compliant and non-compliant practices - Focus on mobile based authentication methods
This white paper helps you understand the consequences of PSD2 RTS for mobile based solutions and what you need to think about to be compliant.
Read the whitepaper