Since February 2016, netbank, an internet-only bank headquartered in Hamburg, has been securing its online banking not only with mobile TAN and chip TAN but also with Secure-App, which is based on the m-Identity Trusted Message Sign solution designed by KOBIL.
Secure-App enables netbank clients to authorize transactions set up on their PC or tablet through a registered smartphone without having to enter any TAN. “Hereby, we offer our more than 160,000 clients a most convenient and extremely safe authorization procedure for their transactions. Moreover, we were able to implement this solution quickly”, says Nico Koller, netbank AG’s IT department manager.
To sign transactions via the app, the customer needs to download it from the Android or Apple store and register it once with their bank, and can then use it to enter a PIN. Secure-App has been hardened by KOBIL’s technology. It is secured, for example, against copying from dedicated devices, manipulation and fake-app creation.
If, for instance, a money transfer is to be signed, the bank’s online banking application sends an authentication request to KOBIL’s Smart Security Management Server (SSMS), which runs in the bank’s backend. While it communicates in encoded form with the client’s app, the SSMS verifies various safety parameters. For instance, it checks whether the device user corresponds to the identity of the authorized bank client.
If any of these safety parameters cannot be verified, the SSMS will terminate its communication with the app and the respective transaction cannot be authorized. However, if all parameters are correct, the signing procedure is completed and the money transfer can be processed.
All transaction-related details are encoded and sent to the backend server, which opens another secured communication channel and sends the information to the app. The user can now verify that the information is correct and either sign the transaction by pressing a specific button or reject it. The Security Server then reports the transfer’s confirmation to the online banking application in the PC’s or tablet’s browser. This means clients neither have to wait for an SMS and manually enter the TAN it contains, nor generate a TAN with a chip TAN generator.
“We are glad to see KOBIL’s technology has convinced netbank. It will help them complete their mobile banking service with an advanced, easy-to-use and, most of all, convincingly safe and reliable authorization alternative to mobile and chip TAN”, says Adnan Garip, KOBIL Systems’ head of sales in Germany, Austria and Switzerland.
The PSD II-compliant KOBIL technology is built on a platform concept designed for easy extension. “Based on m-Identity, banks can offer their clients other reliable online services, like secured communication”, Garip explains. Of course, netbank knows that, too. “I can well imagine offering our customers more services on this basis”, says Nico Koller.