Retail Banking Solutions
The retail banking industry uses a variety of methods to authenticate their customers; they vary from a simple username and password through to dedicated biometric hardware solutions. However, a quick Google search for banking hacks will show that, despite all the money spent on these security solutions and authentication systems, the bad guys are still winning.
On the other side of the security battle is the unfortunate banking customer. The customer is bombarded with jargon, technology, tools and hardware, seeing these as barriers to getting their online banking done quickly and efficiently. Unfortunately, they must contend with different authentication methods depending on how they engage with their bank. There are often totally different ways to prove who you are depending on whether you’re in a branch, in a shop, on the phone, on the web or in an app – why does it have to be so complicated, especially when the security doesn’t work that well anyway?
Authlogics for Retail Banking offers a single simple way to authenticate a customer in any situation, be it Internet Banking, Mobile Banking, ATMs, Point of Sale, Telephone Banking, in Branch or for securing bank statements. The key behind Authlogics for Retail Banking is the patented PINgrid technology, which combines high levels of security with simplicity in any scenario.
Forget the days of complex web browser-based logins where customers are forced to jump through hoops just to check their bank balance. No passwords, hardware tokens, card readers or SMS messages that arrive 5 mins too late.
Usage scenario walk-throughs with task risk levels:
- Low-risk task: PINgrid Deviceless OTP can be used to simply check your account balance, or see if your paycheck has cleared.
- Medium-risk task: If you then want to download a statement or pay your rent, simply step up to PINgrid Multi-Factor Authentication via the offline Mobile Banking app.
- High-risk task: Finally, if you need to send some money to somebody new, or authorise a large transfer for a new car, jump to PINgrid Transaction Verification.
The combination of PINgrid factors provides risk-appropriate security for the task at hand. From the customer’s point of view, all these tasks appear to work the same way as the technology is consistent.
Many banks today have different login systems for in the branch, on the phone, on the Web and in an App. Managing these separate login systems for different customer points of entry is an expensive exercise with staff and system duplication. Using a single system, such as PINgrid, across all mediums streamlines the operational process and provides a consistent level of security.
Happy customers make loyal customers. With the high cost of customer acquisition, focusing on customer retention is critical. Providing a consistent way for a customer to prove who they are, regardless of whether they are on the phone, Web or App, will improve customer satisfaction and reduce frustration. This will also attract new customers.
Retail Banking fraud is at an all-time high and reducing losses due to fraud has obvious financial benefits. Lots of money is already being spent on complex systems to reduce fraud, with limited/mixed success. The use of SMS OTP has been widely adopted by banks in some countries; however, the risks of this are high and it is not recommended by NIST.
Today a customer has to register for separate services, e.g. Internet Banking, Mobile Banking, Telephone Banking – and they all use different security systems. Authlogics provides consistency for the customer as they use the same login method in every scenario. They no longer need to remember passwords or PINs, and they don’t need cumbersome dedicated hardware. PINgrid provides a simple gateway to getting things done safely, not a barrier.
Time is money, yet proving who you are to a bank is not quick. Call centre queues and juggling the myriad of passwords, codes, PINs and dongles slow down the process of simply getting on with banking for many customers. Many of these systems add little real-world security, yet they certainly cause confusion, delays and frustration.
Free your customers from needing passwords and PINs ever again. Passwords and PINs are known to be highly insecure, yet they are still very widely used. They constantly need resetting, adding to customer frustration, and are continuously being compromised by malware, key loggers and phishing attacks. PINgrid eliminates the password problem entirely by simply replacing them.
Other Use Case Scenarios
Authlogics provides multiple factors of authentication in one.
- Something you know: A PINgrid Pattern.
- Something you have: A registered mobile device running a banking app.
- Something you are: A finger/face biometric registered on a mobile device.
- Something you are doing: Adding a payee or transferring a large amount of money.
Customers are blissfully unaware that all this “complex security” is going on for their protection and they can just go about their business. The Authlogics solution for Retail Banking covers many areas; however, these specific use case scenarios are key to showing how PINgrid, in particular, adds real-world benefits.
In the smart device age, why should banking apps be treated as a second-class citizen to Internet banking via a Web Browser?
A mobile banking app today can be two solutions in one. Not only can it be an offline Multi-Factor soft token, but it can also be a secure window into your account with built-in authentication to securely do everything you could do via a browser – with step-up authentication built right into it.
As PINgrid can be built directly into a mobile app, it can also provide offline authentication to Internet or Telephone banking. When online, it can authenticate the user directly into full-service banking with a consistent user experience.
ATM / Cash Machines
The 4 digit PIN has been the security standard since the first ATM card. Not only is it yet another code for a customer to remember (and never change), its 10,000 combinations hardly provide a high level of security. Theft of PIN codes from ATMs is rife, with methods from fake ATM keypads to pinhole cameras being used to capture codes. The cards themselves are compromised by card skimmers cunningly attached to the ATM, and the details are later used to create a clone of the real card. The captured PINs together with cloned cards result in theft from your account from halfway around the world within minutes.
But what if you didn’t use a fixed 4 digit PIN at a cash machine ever again? PINgrid can be used with existing cash machine hardware and software to free us from the burden of the 4 digit PIN code and thwart this attack once and for all. Cash machines can also be backwards compatible with other customers who are not lucky enough to be protected by PINgrid by their bank.
Point of Sale Devices
Much like ATMs, Point of Sale (POS) devices in most of the world, similar to those made by Revel Systems, now require “Chip & PIN” (EMV) to approve payments in stores. The same 4 digit PIN is used everywhere and typed into more untrusted devices than ever. The PIN you enter is captured by the drug store CCTV camera and watched by the Kwiki Mart sales assistant. Your PIN is simply not safe anymore.
With more and more POS devices now sporting large colour screens, these can be used with PINgrid to produce a One Time Code; no more 4 digit PIN, so you don’t need to worry about who is watching anymore.
Sometimes you just need to talk to a human being. However, once you eventually get through, it seems to take even longer to convince the person on the phone that you are who you say you are than it does to resolve your query.
You end up answering a bunch of generic questions anyone could find the answers to on Social Media, or spelling out your favourite football team on your fingers to find the 7th and 12th letter, and telling everybody in the office your date of birth only to find you spelt it wrong in your haste. You may even find that you aren’t registered for “telephone banking”, so you can’t use the service at all, but you can get forms posted out to you, which doesn’t exactly help at the time.
Imagine if you could simply open the offline Mobile Banking App on your phone, read out a One Time Code to the operator and then get on with your enquiry. This would significantly cut time spent on the phone, cut helpdesk costs for the bank, and make much happier customers – all with higher levels of security.
Secure Bank Statements
Financial information is very private and every measure should be taken to ensure it stays that way. With a gradual move from paper-based statements to electronic statements, more should be done to protect the data in a bank statement.
With Authlogics, every PDF bank statement can be encrypted with a One Time Code using PINgrid. This ensures that the data is encrypted at all times no matter where it is downloaded to or which email account it gets sent to. Furthermore, the customer uses the same pattern they use everywhere else with no passwords required, and they can still view their statements on any device.
A watermark can also be placed inside the PDF document, so when opened or printed, it can be used as a physical MFA token for over-the-phone enquiries even if the customer does not have their mobile App with them.
Have you ever tried to visit your branch without your bank card or ID? How do you prove who you are? Even if you have your ID, how sure is the bank clerk that it’s not a fake ID?
If you can securely prove who you are over the Internet or the phone, why should being physically in a branch be any different? PINgrid in-branch gives the teller clerk assurance that you are who you say you are, and means that the customer doesn’t need to carry an ID or plastic card with them.