Protect your digital banking with the most secure solution for transactions authentication

ACCORDING TO THE STATISTICS ALMOST 85% DIGITAL BANK USERS SUFFER FROM FRAUD TRANSACTIONS LIKE

ATM fraud

This type of attack means an attempt to get card details and PIN or swipe data from magnetic stripe or card’s chip.

MAN IN THE MIDDLE

Is a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. The aim is to capture and manipulate sensitive personal information -- such as login credentials, account details or credit card numbers -- in real time.

SOCIAL ENGINEERING

All the calls bank clients receive from scammers introducing themselves as bank security team, bank client relation team, any online shop with special promo. The aim of these attackers is to get the OTP-code to transfer money, change account passwords or simply buy something expensive or even gift vouchers that can be easily exchanged for money after.

PHISHING

Is a type of attack when bank clients receive SMS or email aimed to forward clients to any kind of a fake page. The purpose is usually to get money, get client’s details and then take over the account or sometimes – to install in a hidden way any kind of malware to hijack OTP codes of the bank or perform any acts to get access to client’s bank account.

TROJAN

Is a file, program, or piece of code that can either load all sorts of malware onto your system in their role as a gateway, or at least ensure that your phone is vulnerable to attack. Their goal is to obtain the access credentials to bank accounts.

SS7/SIM SWAP

SIM swap is a way of attack on bank clients aiming to make a clone of a SIM card to take a control over the user’s account.

The most common multi-factor authentication methods sorted by security level

SMS OTP

MPIN

OTP TOKEN

HARD TOKEN

PAYCONFIRM

SMS OTP means one-time password sent via mobile network or push. Clients don’t like to wait & retype these codes. The key problem with this method is that authentication code can be easily intercepted using simple malware or scam calls to bank clients.

mPIN is a mobile static password that is usually used in combination with touch ID or face ID. But to comply with regulatory institutions requirements you should perform integrity control checks and non-repudiation of transaction.

This method is more secure as it is based on cryptographic techniques. But as standard SMS OTP, soft- OTP also can be intercepted by scammers using social engineering techniques. Besides, if such an OTP is first generated on the server side, in this case there is a risk of internal fraud or unauthorized access in case of attack on the bank’s server.

By hard-tokens we mean MAC-token, USD-token or smartcard. They are more secure comparing to other methods of transaction confirmation but they can hardly perform integrity control check of transaction. Moreover, they cannot be applicable to mobile channel.

PayConfirm is a new generation soft-token that can decrease 75% of bank fraud: social engineering, phishing, code interception, man-in-the-middle attacks, etc.

Security, UX (Tap an icon to see detais)

Those approaches are not resistant to many types of attacks. They can be hijacked using technical tools, social engineering or phishing links sent to the user. Even OTP-token under big brand can be bypassed because of the nature of such a technological approach.

HOW PAYCONFIRM CAN HELP?

—

allows your clients to confirm any digitally generated transaction with just one tap. It is easy, secure, and can be done right from your mobile app. It doesn’t matter where the transaction was created — via the Internet, mobile device, or kiosk — it will be confirmed in your mobile app using the highest level of protection.

The secret of PayConfirm security is in the asymmetric cryptography in the core of the solution. There is a key pair split between a bank and a banking app. Every time users want to confirm transactions, they simply need to unlock the key using touch ID/Face ID or static passwords.

TRY DEMO