Do not compromise between safety and convenience
While it makes no doubt that security must be treated as a top priority for the banking industry, finding the right balance between convenience and security has been an issue for a long time.
With the massive success of the smartphone, customers are used to fast and convenient authentication: mostly for unlocking their device, customers authenticate more than a hundred times per day, using from traditional login (Pin or unlocked pattern) to the latest biometrics (fingerprint or face recognition)
Whether for web-banking operations, payments or mobile banking, smartphone is the best option to ensure cross-channel customer security:
Convenient: Mobile authentication is the most used form of authentication
Secure: Through multi-factor authentication on a single device, mobile is now the best authentication tool
Widespread: Most people are already equipped with a smartphone (France: 72% penetration rate)
Cost-efficient: No need to deploy hardware or send costly SMS
New regulations such at PSD2 push banks to tighten the authentication of their customers to provide maximum security for various types of transactions. This new framework, mandating 2-factors authentication, means that users need to prove their identity by two separate elements out of three:
Something they know (e.g., a PIN code or password)
Something they possess (e.g., a “trusted” mobile device, a card)
Something they are (i.e., biometrics such as fingerprints, a face scan)
PSD2 is a key challenge for a lot of banks, still relying on unsecured and non-compliant One Time Password (OTP) solutions for transaction authentication. With Antelop’s secure SDK, we make PSD2 compliancy authentication easy to deploy for banks and convenient to use for your customers.
Adaptative Multi-Factor Authentication
The Antelop secure solution is based on one to several-factors authentication. The first factor is transforming the device into a “trusted” device with leading security mechanisms. “Trusted” device can then be combined with any of the following factors:
Device Unlock: pattern, pin code, passcode or any other method supported by the device (eg. Face ID)
No biometrics or personal data stored or processed outside the local SDK. Advanced encryption for server-side security checks.
The bank defines which factors combination are relevant for each level of authentication, example:
Low: device unlock or fingerprint
Medium: fingerprint and passcode
Strong: (fingerprint or passcode) and facial recognition
MOBILE SECURITY at its best!
Advanced security mechanisms
With its multilayer security (device binding, root detection, obfuscation, anti-tampering, anti-debugging, anti-cloning…), the Antelop SDK efficiently protects your customers from advanced malware attacks and transforms the smartphone into a “trusted” device.
All Use Cases Covered
The Antelop authentication solution covers all authentication use-cases, using the smartphone for strong customer authentication, regardless of the operation channel:
3DS 2.0 Authentication
Credit transfers, P2P
Mobile Contactless Payments and QR code
Mobile and Desktop TPP Application
Example: Desktop checkout with 3DS 2.0 ecommerce payment
The transaction is initiated on a desktop computer, a push notification is sent to the mobile which opens the banking application. The customer strongly authenticates according to the desired pattern (from simple consent to multi-factor authentication) and the payment page automatically refreshes with result of transaction.