Two-Factor Authentication for Payment Transaction
(Dynamic Linking – PSD2)

SecSign ID security solutions for banking and financial institutions

Financial institutions need to secure their users and user data wholesomely for the entire process of the financial interaction. This includes the login, transaction clearing, user self-management and more.

Find out why our Two-Factor Authentication is the best, some key-facts for developers and why you should upgrade to SecSign for your business.

Learn more about the options of on-premise use and your own customized ID App in your corporate design.

Download the plugin as cloud version for a free and convenient protection.

Table of contents


    Download the PSD2 Paper


    Compliance with PSD2 financial regulations

    Ideally, finding a security solution that is ahead in its development and proactive to any new regulations about to be introduced into the market will prevent the need to find a new setup once new regulations are published. Otherwise, an institution has to cover significant costs each time a new regulation needs to be implemented.

    With SecSign ID all recent regulations for the financial sector are covered and all solutions are being managed proactively in regard to new regulations or new security achievements.

    The PSD2 regulations are the most recent development in the financial cybersecurity sector. SecSign has been compliant to all requirements long before the regulations became mandatory. We offer solutions that have been successfully tested and used in the market for years.

    PSD2 regulations at a glance




    Practical Implementation

    How does the implementation of PSD2 compliant setups look like in the day-to-day business? This is up to you.

    Compliance to the PSD2 regulations can be realized with your preferences and setup in mind. This includes design, authentication and rollout as some of the many options we offer custom solutions for.


    Transaction verification

    The verification of the transaction by the customer is cryptographically bound to the user by PKI-based authentication. The user verifies the transaction in the custom banking app or in the existing banking app by integration via SDK.

    Mode of operation

    The SecSignApp can initiate the authentication in two different ways.

    1.

    The app displays four random access pass icons. The user confirms the log-in by tapping at the icon which is displayed simultaneously in the online banking’s log-in page. The set of icons can be determined by the bank if preferred.

    Mode of operation

    The SecSignApp can initiate the authentication in two different ways.

    2.

    Alternatively, the app can just ask for confirmation without access pass icons. This mode is sufficient during a two-step-authentication where the user has authenticated to the online banking system with username and password already.


    Point of authentication

    Authentication for the user can be prompted with the initial login or only to access sensitive data and actions, like money transfers.

    The user authenticates during the initial login to the banking service. All user activity is protected with two-factor authentication and the user has to authenticate each time he starts a session with the banking app.

    The user can login to his banking services with just his user name and password. If he wants to access sensitive areas and actions, for example a money transfer, he has to authenticate with the two-factor authentication.

    All options are available for mobile banking and desktop banking


    Mobile First: Integration in mobile apps

    SecSign offers convenient integration in existing banking apps with our SecSign ID SDK to add two-factor authentication to you existing login and transaction verification system. No need to worry about the rollout and implementation of a whole new system, just add 2FA to your existing app and comply to all regulations in one simple step.

    Alternatively, we offer the option of a custom YourBank ID app build by our developers to fit your requirements and compliance to all important regulations. The YourBank ID app provides you with custom on-boarding procedures, corporate design and custom endpoint monitoring options. The design of the SecSignApp can be specified by the financial institution. The name of the app can be modified, for example MyBanklD.
    No need to hire any additional iOS or Android developers, SecSign offers the ready-to-go setup.
    Additionally, relevant information may be included in the app, for example contact addresses, telephone numbers and links to the existing apps.

    In both cases you can offer your users a convenient and secure two-factor authentication as well as signature and transaction verification options. The apps can be used to authenticate the user for you web login, mobile login and mobile verification of transaction.

    For users without a smartphone SecSign offers several alternatives for a secure authentication.

    Users without a smartphone can choose to authenticate via the SecSignApp for Windows 10 or OSX.
    Alternatively, the SecSign ID Server supports the authentication with one time passwords generated using the HMAC based one-time-password algorithm (HOTP).
    HOTP is a standard supported by a wide range of hardware tokens.
    The customer enters this OTP into the web site to complete the authentication. The SecSign ID verifies the OTP using a private key previously shared between the hardware OTP generator and the SecSignlD Server.


    Opening an account and onboarding for banking users


    Every institution has different needs and requirements for user onboarding . That’s why SecSign offers on-boarding options tailored to any setup. Or simply use one of the ready-to-use solutions.

    With SecSign you can choose between lnline-Rollouts, Self-enrollment, Administrator-based rollout or completely customized solutions.
    Roll-out secure authentication by linking your user management system (for example Active Directory), with rollout codes and QR codes. Other options include Video-Ident or a combination of any of those options. With SecSign you have the choice between options without media disruption or in person authentication: It is completely up to your requirements.

    With the SecSign ID rollout options you can activate 2FA for all users conveniently and with minimal administrative effort, both for existing banking users and enrolling new users.
    A comprehensive overview of the available Rollout options and customizations offers our Enrollment overview.

    On-boarding for every setup



    Options for logging user activity

    With the SecSign ID banking backend and the 2FA Identity Management Server you can monitor every login and transaction. Information may include IP-address of the Browser, OS-System, App-Version and many more options. All information are managed compliant to all data protection regulations and can be anonymized or deactivated completely.

    The information can be used to verify authentication and transaction verification from specific devices or limit use, for example from specific areas.

    With the 2FA Identity Management Server you can create an archive for revisions with signed protocols to achieve compliance to all recent and future financial regulations.

    How to connect all services to the 2FA


    SecSign offers ready-to-use integration for pretty much any scenario. A complete list of plugins and interfaces is available at our Developer overview, links to the most common used scenarios are listed below.
    You don’t find what you are looking for or you are not sure what exactly it is you need? Contact us for a solution that matches all your requirements.
























    Key factors of SecSign ID for banking and financial institutions

    You decide and define the login rights of your users (do they have to use a 2FA in all cases, etc.). Integrate the Two-Factor Authentication apps functionality into your own app with your own design to secure your website logins and app logins



    Seals

    Offer your users a secure and convenient digital mailbox experience with the digital account statement seal. No reason to decide between comfort and security.

    YourBank ID

    Convenience and trust combined are the main selling point for banking customers. With the YourBank ID you can offer your customers a secure login to any interface, with the SecSign ID Two-Factor Authentication in the background and your company design to strengthen your corporate identity.

    Secure

    Powerful user security across your enterprise with Two-Factor Authentication for networks, websites, platforms, and devices, not only for online logins. Your data is protected with advanced and state of the art encryption, including but not limited to TEE, 2048 bit encryption, ECC keys, and many more.

    Simple

    Easy integration, easy to use, no compromise. No need for hardware, infrastructure, tokens or passwords. Push notifications for each login, quick and easy mobile authentication. No credentials stored on a server, easy and fast implementation.

    Trust

    Build your own Trust center. You keep complete control over your on-premise server. Protection
    for all your logins, for collaborations and customers.

    Overall protection

    Next generation authentication – no smartphone necessary. With Two-Factor Authentication for Mac, iPhone, iPad, Apple Watch, Android, Windows, and Windows Phone. No smartphone required!Using next generation Two-Factor Authentication adapts to your requirements, not the other way around.

    Highly Customizable

    White Label 2FA or Corporate 2FA – Integration of Multi-Factor Authentication into custom apps (SDK).Easy integration in existing apps. Upgrade your app to enable secure 2FA for any login.

    Restoration code and backup ID

    On all devices (no matter if smartphone or Desktop PC). A significant benefit if you lost one of your devices or someone stole it. Easy restoration without additional administration costs.

    True PDF online signature

    Send, track and manage signed documents from anywhere. Legally binding signatures, user friendly and secured by two-factor authentication.

    On-premise or cloud solutions

    Scalable services for organizations, websites, or individuals. Several solutions available to operate your own authentication server, for a much higher security level.

    Your credentials are truly secure

    The only solution on the market that does neither transmit nor store confidential credentials on a server.

    Private Key Generation and Encryption

    SecSign ID authentication sessions are protected with advanced and state of the art encryption, including but not limited to TEE, 2048 bit encryption, ECC keys, and many more.

    SafeKey Mechanism for Brute Force Protection

    Even if an user’s mobile device is stolen, our patented SafeKey mechanism protects the user’s private key from being compromised and thwarts brute-force attacks.

    Server Protection and Redundancy

    Our remote, redundant failover servers and replications ensure that authentication is available 24/7, for both cloud and on-premise solutions.

    Easy User Management

    Benefit from our secure SecSign ID server as Two-Factor Authentication management server while retaining your user identities on your Identity System. Instant integration and no changes in your infrastructure necessary. Or store user identities in the ID server with our intuitive Active Directory or LDAP import or any other system. Easy integration of individual Identity Systems and intuitive self-enrollment.


    Lost your phone? Don’t worry!

    Total control at any time over all duplicated ID’s, information about the replication via push notification and special alert/message on all devices.

    1. Restoration code / backup code protects you from the loss of the ID
    1. Remote wipe protects you from unauthorized use: “Remotely unpair lost or stolen devices from anywhere” admin page and device list

    Do NOT follow this link or you will be banned from the site!