In June, news sites in South Africa heralded the release of Capitec Bank’s all-new remote banking app. The app is built on Entersekt’s Transakt SDK, and our staff needed no further reason to celebrate the launch with balloons and some of South Africa’s best sparkling wine.
Capitec Bank is a listed South African retail bank with over R46 billion (US$4.3 billion) in assets. It serves in excess of 5.4 million clients from more than 630 branches and through its online and mobile banking channels. The bank strives to design banking products that meet four goals: simplicity, affordability, accessibility and personal service. To do so, its strategy is to invest in state-of-the-art technology that maximizes ease of use while keeping costs down.
That’s where Entersekt comes in.
Looking back
Entersekt’s association with Capitec Bank goes back to early 2012, when we were enlisted to enhance the bank’s online banking authentication. The authentication system Capitec had been using required its Internet banking clients to use hardware tokens that generate one-time passwords (OTPs).
Powered by Entersekt’s Transakt product, Capitec’s new interactive authentication method was released in August 2012. As an alternative to the OTP-based authentication method, it allowed Capitec’s clients to authenticate online banking transactions using their mobile phones. Transakt deploys X.509 digital certificates to uniquely identify every enrolled mobile phone and the service provider itself – so that both parties are verified to each other as legitimate. (The app is linked to the mobile device and not the SIM card, insulating Capitec’s clients from SIM-swap fraud, which has climbed dramatically in South Africa in recent years.)
For further protection, Transakt encrypts all transmissions end-to-end and includes the ability to digitally sign transactions, ensuring that only the registered account holder is able to authorise transactions on his account. This singular use of digital certificate technology is unmatched on the market anywhere in the world, and thwarts phishing, man-in-the-middle and man-in-the-browser attacks.
Exciting road ahead
Now, a couple of years later, this out-of-band authentication functionality has been deployed to the bank’s PIN-protected remote banking app, which was built from the ground up using the Transakt SDK. Clients using the Internet and mobile channels are therefore protected by the same application, available for download from all approved app stores.
For this release, Capitec Bank chose to limit its remote banking offering to core on-the-go banking functionality, to ensure the app worked on the broadest range of mobile phones, including feature phones. Capitec’s clients can view account balances and transaction history, create and pay beneficiaries, transfer funds between their accounts and, as before, authenticate and digitally sign remote banking login events and sensitive transactions.
Having built a secure communication channel between itself and each of its remote banking clients, all of whom it can uniquely identify, the bank has big plans for an expanded series of innovative new mobile offerings. “There are some really exciting things in the works,” says Capitec.
We can’t wait to see!