Entersekt’s mission is to support financial institutions in their fight against digital fraud, so we watch the changing regulatory environment very closely. Our solutions are designed to comply with digital banking security guidelines across the globe, including those set out by the European Central Bank (ECB), the Federal Financial Institutions Examination Council (FFIEC), and the Monetary Authority of Singapore (MAS). In Germany, the relevant regulatory authority is the Bundesanstalt für Finanzdienstleistungsaufsicht, or BaFin.

In May 2015, BaFin published Minimum Requirements for the Security of Internet Payments (Mindestanforderungen an die Sicherheit von Internetzahlungen, or MaSI). According to this circular, at least two of the following elements must be present for a bank’s internet banking authentication process to qualify as strong:

  • Knowledge – something the user knows (e.g. password, PIN, ID number)
  • Ownership – something the user possesses (e.g. token, smart card)
  • Inherence – something the user is (a biometric characteristic, e.g. fingerprint or iris scan)

Another requirement is that at least one of these elements must be non-reusable and non-replicable. A one-time password (OTP) sent by text message, the mTAN familiar to German banking customers, may check these boxes on paper, but years of breaches, including in Germany, have shown that SMS OTPs are exposed to attacks such as SIM-swap fraud, mobile malware that forwards incoming text messages, and phishing pages that relay the code to the attacker in real time. They also give digital banking customers a distinctly 20th-century user experience that falls short of expectations of convenience. This is especially true on the mobile banking channel, which is growing enormously in popularity in Europe.

By implementing Entersekt’s Transakt product, a bank can offer its internet banking users the protection that OTPs no longer provide while significantly improving the digital user experience. Instead of receiving an OTP by text message every time they transact, users receive an instant push message over the secure out-of-band channel that Transakt establishes between their mobile device and the bank. A single tap on the phone lets the user respond Accept, which authorizes and digitally signs the transaction, or Reject, which immediately cancels any suspicious activity on their account.

This push message meets BaFin’s requirements for non-reusability and non-replicability, and it also streamlines authentication by removing the need to switch between devices or apps and type in an OTP. What is more, there is no risk of an OTP being delayed or not delivered when travelling, because the push message does not depend on the mobile operator’s SMS service; any internet connection, including Wi-Fi, will do.
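To make concrete why a fresh, transaction-bound push approval satisfies the non-reusability and non-replicability requirement where a static password or a relayed OTP does not, here is an added example of the server and device sides of such an out-of-band approval flow. It is not Entersekt’s code, and this page does not describe Transakt’s actual protocol: a per-device HMAC key enrolled at activation stands in for the device’s signing key so the example runs on the Python standard library alone (a production system would use a device-held private key and public-key signatures so that the bank itself cannot forge the user’s approval). The class and field names, the two-minute time-to-live and the sample transaction are all assumptions made for the example.

```python
import hashlib
import hmac
import json
import secrets


def canonical(obj):
    """Deterministic encoding so device and bank MAC exactly the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def make_tag(key, challenge, decision):
    """MAC over the whole challenge (nonce + transaction shown to the user) and
    the decision, so neither the amount nor Reject->Accept can be altered."""
    return hmac.new(key, canonical({"challenge": challenge, "decision": decision}),
                    hashlib.sha256).hexdigest()


class Bank:
    """Server side: issues one-time challenges and verifies the device's answer.
    `now` is a caller-supplied clock in seconds so the flow is testable offline."""

    def __init__(self, ttl_seconds=120):
        self.device_keys = {}  # device_id -> key enrolled when the app was activated
        self.pending = {}      # challenge_id -> challenge still awaiting an answer
        self.ttl = ttl_seconds

    def enroll(self, device_id, key):
        self.device_keys[device_id] = key

    def create_challenge(self, device_id, transaction, now):
        # Payload pushed to the device; the fresh random challenge_id is the
        # nonce that makes the eventual answer non-reusable.
        challenge = {
            "challenge_id": secrets.token_hex(16),
            "device_id": device_id,
            "transaction": transaction,  # exactly what the user is asked to approve
            "expires": now + self.ttl,
        }
        self.pending[challenge["challenge_id"]] = challenge
        return challenge

    def verify_response(self, response, now):
        challenge = self.pending.get(response.get("challenge_id"))
        if challenge is None:
            return "unknown_or_already_used"  # replay, or never issued
        if now > challenge["expires"]:
            self.pending.pop(challenge["challenge_id"])
            return "expired"
        # Recompute over the bank's own copy of the challenge, never the copy the
        # device echoes back, so a response to a tampered display fails here.
        expected = make_tag(self.device_keys[challenge["device_id"]],
                            challenge, response.get("decision"))
        if not hmac.compare_digest(expected, response.get("tag", "")):
            return "invalid"  # keep the challenge pending for the real device
        self.pending.pop(challenge["challenge_id"])  # consume it: single use
        return "authorized" if response["decision"] == "accept" else "rejected"


class Device:
    """The user's phone: holds its enrolled key and answers pushed challenges."""

    def __init__(self, key):
        self.key = key

    def respond(self, challenge, decision):
        # The app displays challenge["transaction"]; the user taps Accept or Reject.
        return {"challenge_id": challenge["challenge_id"], "decision": decision,
                "tag": make_tag(self.key, challenge, decision)}


def run_demo():
    """Run the flow through the cases a verifier must get right."""
    key = secrets.token_bytes(32)
    bank = Bank()
    bank.enroll("phone-1", key)
    phone = Device(key)
    # Constructed sample transaction (the IBAN is the usual documentation example).
    tx = {"to": "DE89370400440532013000", "amount": "250.00", "currency": "EUR"}
    results = {}

    ch = bank.create_challenge("phone-1", tx, now=1000.0)
    answer = phone.respond(ch, "accept")
    results["first_use"] = bank.verify_response(answer, now=1001.0)
    results["replay"] = bank.verify_response(answer, now=1002.0)  # same answer again

    # A man-in-the-middle rewrites the beneficiary before the app shows it.
    ch = bank.create_challenge("phone-1", tx, now=1000.0)
    shown = dict(ch, transaction=dict(tx, to="DE02120300000000202051"))
    results["tampered"] = bank.verify_response(phone.respond(shown, "accept"), now=1001.0)

    # Without the device key, a Reject cannot be turned into an Accept.
    rejection = phone.respond(ch, "reject")
    results["flipped"] = bank.verify_response(dict(rejection, decision="accept"), now=1001.0)
    results["rejected"] = bank.verify_response(rejection, now=1001.0)

    ch = bank.create_challenge("phone-1", tx, now=1000.0)
    results["expired"] = bank.verify_response(phone.respond(ch, "accept"), now=2000.0)
    return results
```

Each answer is bound to a random challenge_id and to the bank’s own record of the transaction, so it cannot be replayed, cannot be applied to a different payment, and cannot have its Reject turned into an Accept. The bank checks the MAC before consuming the challenge, so a forged submission cannot cancel the genuine user’s pending approval, and it compares tags in constant time. Calling run_demo() returns the outcome of each case.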

One of Entersekt’s first achievements was our product’s international accreditation by Visa back in 2011. Compliance with MasterCard’s SecureCode standard followed the next year. Transakt was one of the first solutions to pass the FIDO (Fast IDentity Online) Alliance testing program as a FIDO Ready™ U2F token, and is still the only such solution centered on the mobile phone. With this track record, Transakt can help your institution make short work of any regulatory requirements around user authentication.

Jolette Roodt

WRITER/ANALYST

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.