Financial institutions and other organizations use the Transakt software development kit to integrate Entersekt’s multi-factor authentication technology into their existing mobile apps. Where rapid rollout is required, the off-the-shelf Transakt mobile app offers the same security features but with limited scope for customization.
UNIQUE DEVICE ID
Entersekt’s patented emCert mobile certificate technology generates a public/private key pair that uniquely identifies your customer’s mobile device. Communications from your financial institution are similarly validated on the device, so your customer can be sure of their source.
Customer responses are signed with the device’s private key, supporting nonrepudiation. Transakt also allows signing of individual batched transactions on a mobile device, meeting stringent regulatory requirements in Singapore and elsewhere.
CUSTOM SIGNING CERTIFICATES
Although emCert is always used to establish the secure communication channel between your financial institution and your customer’s mobile device, multiple certificates from certification authorities can be hosted in the protected Transakt key store. You can thus continue using certification authorities you trust or are integrated with for certain business processes.
ENCRYPTED CHANNEL FOR OUT-OF-BAND AUTHENTICATION
Transakt’s self-contained, NIST-compliant cryptographic stack and communications layer enable an isolated, end-to-end encrypted communications channel between the user’s mobile device and your mobile app server. No third party, including Entersekt, can access these communications.
Because this cryptographic stack forms an entirely separate communications channel from the conventional Transport Layer Security (TLS) channel initiated via the mobile device’s operating system, even transactions originating from the same mobile device can be authenticated out of band.
SECURE BROWSER PATTERN
Transakt also enables trusted TLS connections to your web servers, protecting mobile-initiated communications from man-in-the-middle tampering or eavesdropping.
DYNAMIC PUBLIC KEY PINNING
For protection against man-in-the-middle attacks exploiting rogue certificates, Transakt provides the option of public key pinning. Here, your mobile banking application disallows a TLS connection if it cannot match a certificate to your institution’s custom list of trusted certificates.
FIPS 140-2 LEVEL 3 ON-PREMISE ENDPOINT
Transakt is the user-facing component of the Entersekt ecosystem. It works in conjunction with the Transakt Secure Gateway hardware appliance, where all encrypted communications terminate. The Transakt Secure Gateway, which communicates with the institution’s back-end services, incorporates a FIPS 140-2 Level 3 hardware security module for encryption functions.
A single Transakt Secure Gateway cluster can accommodate multiple service IDs. This allows Entersekt’s clients and partners to provide secure channel capabilities to multiple institutions or brands independently, and to add new ones rapidly.
PROTECTION FROM MALWARE AND BRUTE FORCE ATTACKS
Layered mobile and server-side detection and prevention procedures mean Transakt is invulnerable to common malware, SIM swaps, and brute force attacks.
ADDITIONAL LAYERS OF SECURITY
Transakt natively supports fingerprint biometrics on mobile devices with this capability. It also provides device and application context to the Transakt Secure Gateway for context-based risk scoring. Data points used include device type, operating system version, geographic location, and advanced detection of rooting, jailbreaking, or similar mobile operating system security bypass hacks.
SIMPLE ONE-CLICK AUTHENTICATION
Transaction authentication requests are automatically pushed to your customer’s mobile device. They respond by simply selecting Accept or Reject. No clumsy re-entry of one-time passwords or answers to challenge questions is required.