PSD2
Strong Customer Authentication

PSD2TAC logo

A two-factor, strong customer authentication software for mobile apps. Focused on user experience.

In Partnership with

Bearing Point is a partner of Innoopract

PSD2TAC

Meet your regulatory requirements and delight your customers with PSD2TAC.

The easiest path to SCA is using the universal computing device that most customers are carrying with them all the time – their mobile phone.

Strong Customer Authentication (SCA) is mandatory in the European Union for many online banking / payment tasks.

SCA carries a potential for disruption as it affects all online banking customers and is not commonly used today. Two-factor authentication, the basis for SCA, is not known to 50% of Internet users.

We offer ready to integrate components for apps and backend for transaction approval

They can be made available to your customers within weeks. PSD2TAC provides a future-proof solution to securing Online Banking, Instant Payment and the collaboration with Payment Service Providers.

Focus on end users

  • Strong customer authentication (SCA) is a challenge for users.
  • User-centric design and early user testing are key for user acceptance and broad adoption of SCA.
  • It is important to make sure not only millennials feel confident using SCA apps.
  • 80% of the participants in user testing were impressed by the easy handling of PSD2TAC.

Focus on end users

  • Strong customer authentication (SCA) is a challenge for users.
  • User-centric design and early user testing are key for user acceptance and broad adoption of SCA.
  • It is important to make sure not only millennials feel confident using the app.
  • 80% of the participants in user testing were impressed by the easy handling of PSD2TAC.

EBA-RTS requirements for PSD2

  • Protect the confidentiality and the integrity of the payment service users’ personalized security credentials.
  • Secure communication between the payment app and the payer bank.
  • Two-factor authentication: two elements from different categories – knowledge, possession, and inherence.
  • The authentication code generated shall be specific to the amount of the payment transaction and the payee agreed to by the payer.
  • Separated secure execution environments through the software installed inside the multi-purpose device.
  • Mechanisms to ensure that the software or device has not been altered by the payer or by a third party or mechanisms to mitigate the consequences of such alteration where this has taken place.

Two-factor authentication

For ensuring a fast and user-friendly transaction acceptance,
we focus on the authentication elements possession and inherence.

Possession

Strong binding of the SCA app component to a device by technical measures, e.g. using push messages from the platform providers. The user’s smartphone can serve as an element of the possession category for the authentication.

Inherence

On today’s smartphones, the inherence category can be expressed by using fingerprints, iris scanning, or face recognition.

Knowledge

Passwords are a typical element of the knowledge category for the authentication. We help users to choose a strong password. For the app’s set up a strong password is necessary.

How do we keep our authorization process safe?

PSD2 Strong Customer Authentication process

Ensuring secure communication

There are three factors for ensuring secure communication between payment apps and the bank/PISP

Transfer encryption
(https)

Certificate pinning
(the app communicates only with a server which provides the correct certificate)

Customer specific symmetrical encryption of all data

Secure Execution Environments

  • Complete control of the runtime environment by using a particularly protected virtual machine.
    • Runtime Self Protection protects apps in compromised environments.
    • Rootkit/Jailbreak detection.
    • Resource verification with cryptographic signatures.
    • Repackaging prevention.
  • Regular security testing by recognized security experts.
  • Separate secure execution environments during the initialization and the acceptance of payment on the same device are guaranteed.
secure-mobile-app-screens

Our solution – highly secure and easy to use

TAN App SCA for mobile apps
TAN App SCA for mobile apps
TAN App SCA for mobile apps
TAN App SCA for mobile apps

Our offer

Software product development by Innoopract
tailored-services
Software product development by Innoopract

System components

  • App module built with secure technology for strong customer authentication.
  • Backend component for secure communication with the app using push notifications.
  • Backend component for secure key exchange, for secure storage of secret keys, and for binding the app to a device.
  • Backend component with client certificate protection for communication with banks/PISP backends.
tailored-services

Integration services

  • Services for the integration backend/app module.
  • Services for the individualization of the app module.
    • User interaction/branding.
    • Individual hardening of the secure environment.

MEET YOUR REGULATORY REQUIREMENTS

We’ll be happy to tell you more and send you a brochure.

Contact us and learn at the source about the solution that involves state of the art cryptography, rootkit / jailbreak detection, resource verification, repackaging prevention and certificate pinning.