Smart OTP

The SMART OTP system is installed at the bank and integrated with the Mobile Banking system to provide an enhanced SMART OTP online authentication solution.

It replaces the Mobile Banking system in issuing and using SMART OTP, creating OTPs, and authenticating application activation, using the advanced encryption standards AES and ECC.

NEW FORM OF AUTHENTICATION

User authentication & transactions – like traditional forms of authentication (password, fingerprint, SMS OTP)

SOFTWARE

Installed on mobile devices, tablets and computers; provides a one-time password when users are using online apps

SOLUTION OFFERING

Flexible solutions for mobile banking customers and internet banking customers

OTP code is authenticated on the server with transaction-related data (transaction signing)

BENEFITS OF SMART OTP SOLUTION

COMFORTABLE: advanced transaction limits with smart OTP verification solution

EXPERIENCE: authentication is done right on the app, convenient for customers

SAVING: bank SMS cost & user token cost

SECURITY: multiple security measures are combined to guarantee the safety of users and the bank

SECURITY OF SOLUTION

  1. COMPLIANCE WITH SECURITY STANDARDS
  • According to OWASP and Bank standards
  2. SECURITY LEVEL OF APPLICATION
  • Stops the duplication of the application to another device.
  • The encrypted information is generated upon activation and is associated with the customer and the device
  3. SECURITY WHILE USING ON DEVICE
  • Does not allow execution on unsafe operating systems (Root, Jailbreak)
  • Does not run in a debugging or hooking environment, unlocking the screen,…
  4. ANTI SOCIAL ATTACK
  • Trusted device: SMART OTP is activated to run on a device that is defined as trusted over [n] financial transactions
  5. ANTI FAKE DATA
  • The token is made of two halves, one from the client and one from the server
  • The key performing the encryption is exchanged during activation. The client generates a key pair and sends the public key to the server. The server generates a key pair and sends the public key to the client
  • The OTP is generated from the transactionId, from account, to account, amount, device information, client token and server token
  6. SERVER – ANTI CHANGING THE INFORMATION AND PERFORMING TRANSACTION
  • The server does not have the client private key information needed to perform the transaction
  • Uses an HSM to store keys and to encrypt and decrypt data
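
The transaction-bound OTP described under ANTI FAKE DATA can be sketched as follows. This is an added example, not the vendor's code: the page names the OTP inputs but not the algorithm, so the HMAC-SHA256 construction, the RFC 4226-style truncation, the length-prefixed field encoding, the way the two token halves are combined, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import struct

# Assumed field order and encoding; the page names the inputs only.
FIELDS = ("transaction_id", "from_account", "to_account", "amount", "device_info")

def canonical_message(txn: dict) -> bytes:
    """Length-prefix each field so values cannot slide across field boundaries."""
    parts = []
    for name in FIELDS:
        value = str(txn[name]).encode("utf-8")
        parts.append(struct.pack(">H", len(value)) + value)
    return b"".join(parts)

def derive_key(client_token: bytes, server_token: bytes) -> bytes:
    """Combine both token halves into one MAC key (assumed construction)."""
    return hmac.new(server_token, b"smart-otp-example" + client_token,
                    hashlib.sha256).digest()

def transaction_otp(key: bytes, txn: dict, digits: int = 6) -> str:
    """HMAC the transaction, then apply RFC 4226-style dynamic truncation."""
    mac = hmac.new(key, canonical_message(txn), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(key: bytes, txn: dict, otp: str) -> bool:
    """Server side: recompute the OTP from the server's own view of the transaction."""
    return hmac.compare_digest(transaction_otp(key, txn), otp)

# Constructed sample values, not taken from any real system.
KEY = derive_key(b"client-half-0001", b"server-half-0001")
TXN = {"transaction_id": "T1001", "from_account": "12", "to_account": "345",
       "amount": "1500000", "device_info": "device-abc"}

if __name__ == "__main__":
    otp = transaction_otp(KEY, TXN)
    print("OTP:", otp, "valid:", verify(KEY, TXN, otp))
    # A changed beneficiary makes the server compute a different OTP.
    tampered = dict(TXN, to_account="999")
    print("tampered valid:", verify(KEY, tampered, otp))
```

Because the server recomputes the code from the transaction it is about to execute, an OTP the user approved for one beneficiary and amount does not authorize a transaction whose fields were altered in transit.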