ING-DiBa taps Kobil for banking app security

Source: ING-DiBa

With its m-Identity-Protection solution, Kobil Systems backs the mobile transactions made by ING-DiBa bank clients.

The advantage: a second app (SmartSecure App) offered by Kobil provides for a secured additional community channel and a second virtual device to complement ING-DiBa’s actual Mobile Banking App. The bank is thus able to meet the security standards imposed by the European Financial Supervisory Authority without requiring its clients to authorize their mobile transactions via a second physical terminal device.

In future, Kobil‘s technology will enable SmartSecure App users to authorize transactions without entering TANs they have received by SMS or generated in a TAN generator. The solution is independent of the terminal device deployed and does not require any additional hardware to authorize transactions. It consists of a front-end and a back-end component. The front-end is the SmartSecure App. It is secured against copies made by dedicated devices, manipulation and the creation of fake-apps. Moreover, it provides various integrated security functions such as  

  • debugging and reverse engineering protection;
  • security sensors (jailbreak-, malware-detection);
  • protection against unauthorized usage (PIN);
  • end-to-end encrypted community channel;
  • unavailability for third party-applications.

Being equipped with these features, the app will be initially used for signing transactions and later also serve as virtual authenticator. The back-end component of Kobil’s security system is the Smart Security Management Server (SSMS), which is implemented at the ING-DiBa computing center and linked to their core banking system. This server e.g. serves to check:

  • if the SmartSecure App actually runs on the initially registered device or has been copied to another one;
  • if the running app still features its original code or has been modified;
  • if the app’s version is correct or needs to be updated;
  • s to be updated;
  • if the user enters the correct password to obtain details on the transaction.

“We are extremely pleased to have convinced ING-DiBa of our security technology. Their clients are thus provided with one of the most secure and convenient mobile solutions for transactions available on the market”, says Ismet Koyun, Gfounder and CEO of Kobil Systems. “We decided for German IT-security specialist Kobil because they perfectly meet our high expectations towards security, flexibility and usability”, explains Sonja Vollrath, head of ING-DiBa’s internet banking department.

Christian Valentin, Kobil’s ING-DiBa project manager describes the functional principle of the 2-in-1-security approach designed by his company and deployed by ING-DiBa as first German bank institute. “The SSMS provided by us establishes an individual, fully encrypted communication channel to the SmartSecure App and carries out the specified routine tests. Once the secured connection has been established, clients can perfectly safely confirm the transactions made via the actual ING-DiBa app“.

Comments: (0)