Smart OTP
SMART OTP system is installed at the Bank, integrated with Mobile Banking system to provide enhanced SMART OTP online authentication solution.
Replace the Mobile Banking system in issuing and using SMART OTP, creating OTP, and authenticating application activation with advanced encryption standards AES, ECC
NEW FORM OF AUTHENTICATION
User authentication & transactions – like traditional forms of authentication (password, fingerprint, SMS OTP)
SOFTWARE
Installed on mobile devices, tablets, computers, provide a one-time password when users is using online apps
SOLUTION OFFERING
Flexible solutions for mobile banking customers and internet banking customers
OTP code is authenticated on the server with transaction-related data (transaction signing)
BENEFITS OF SMART OTP SOLUTION
COMFORTABLE: advanced transaction limits with smart OTP verification solution
EXPERIENCE: authentication is done right on the app, convenient for customers
SAVING: bank SMS cost & user token cost
SECURITY: multiple security is combined to guarantee for the safety of users and bank
SECURITY OF SOLUTION
- COMPLIANCE WITH SECURITY STANDARDS
- According to OWASP and Bank standards
- SECURITY LEVEL OF APPLICATION
- Stop the duplication of applications to another device.
- The encrypted information is generated upon activation, associated with the customer and the device
- SECURITY WHILE USING ON DEVICE
- Do not allow execution on unsafe operating systems (Root, Jailbreak)
- Don’t run on debugging hook environment, unlocking the screen,…
- ANTI SOCIAL ATTACK
- Trust device: SMART OTP activated to run on a device that is defined as trusting over [n] financial transaction
- ANTI FAKE DATA
- The token is a piece that is half from the client and half from the server
- The key performing the encryption is exchanged during activation. The client generates a key pair and sends the public key to the server. The server generates a key pair and sends the public key to the client
- OTP is generated from transactionId, from the account, to account, amount, device information, client token, server token
- SERVER – ANTI CHANGING THE INFORMATION VÀ PERFORMING TRANSACTION
- Don’t have client private key information to perform the transaction
- Use HSM to store keys, encrypt and decrypt data
Interested in our solutions? Get documentations here.