When “something you know” and “something you have” simply isn’t enough, Authlogics allows for “something you are doing”. The ability to verify transactions is becoming even more critical when performing high risk tasks.
Including a “something you are doing” factor into the equation ensures that the One Time Pin you supply can only be used for the purpose it was intended and can’t be used for any other purpose. There have been many attacks on banks in recent years where valid One Time Pins are “stolen” from a user and used maliciously to move money to the bad guy’s account – Transaction Verification stops this attack in its tracks. Some banks have introduced hardware based card readers or tokens with keypads to provide protection however these are highly expensive solutions and are not user-friendly.
The Authlogics Transaction Verificaiton solution is different. It is built directly into our Authlogics Authenticator Mobile App enabling “something you are doing” any time you need it with the award-winning PINgrid and PINpass technologies – and is included in our single-user licence cost with no custom hardware or expensive roll-out costs.
- No hardware tokens
- No more passwords
- Authlogics Authenticator soft token all mobile app stores
- Soft Token works 100% Offline
- Seamless step-up from 1.5 & 2 Factor when needed
- Patented, award-winning technology
- Rapid deployment
- Simple to use
- Risk appropriate security for high value transations
Our Transaction Verification Technologies
Transaction ID entry screen of the
Authlogics Authenticator Mobile App
- Pattern based graphical technology.
- The user enters the transaction code, looks at the grid and recalls their pattern, enters the One Time Pin.
- Enhanced OATH numeric technology.
- The user enters the transaction code, reads the One Time Pin from the token, enters the OTP along with a PIN/password.
Frequently Asked Questions
Why is “something you are doing” so important?
When you need to authorise an action you are doing, it is critical that the authorisation code you are using has some relation to what you are doing. This is why “something you are doing” is used as an additional factor. Many Internet banking systems, for example, send you authorisation codes to perform tasks, but they don’t have any relation to the task you are performing.
Hacks like Operation High Roller (and many more) exploit codes that are meant for one thing but the bad guy uses the code for something else. For example, maybe you want to send $100 to your savings account and you are sent a code to authorise it, however malware in your browser has changed the request being sent to the bank to send $10,000 to their account. You then enter the code provided to authorise it and it goes through. Transaction verification prevents these types of attacks.
How would I use PINgrid to authorise a financial transaction?
PINgrid is ideal for authorising mobile payments with transaction verification. An example of how to use it is as follows:
On an Internet banking session, you create a new payee and add their account number via the browser. The bank needs to ensure that the code entered by you in the browser is the one they receive and it hasn’t been tampered with. To do this you enter the bank account number into your Mobile Banking App and a PINgrid challenge is displayed which is unique for the transaction, the device and the time. You then uses that grid with your pattern to get your One Time Pin. That OTP will ONLY be able to authorise the correct account number and if malware modifies the account number received by the bank then the code will not be able to authorise the transaction.