Transaction Verification Solutions
When “something you know” and “something you have” simply isn’t enough, Authlogics allows for “something you are doing“. The ability to verify transactions is becoming even more critical when performing high-risk tasks such as authorising a payment.
Including “something you are doing” ensures that the One Time Pin you supply can only be used for the purpose it was intended and can’t be used for anything else. There have been many attacks on banks in recent years where a valid One Time Pin is “stolen” from a user and used maliciously to move money to the bad guy’s account – Transaction Verification stops this attack in its tracks. Some banks have introduced hardware-based card readers or tokens with keypads to provide protection however these are highly expensive solutions and are not user-friendly.
The Authlogics Transaction Verification solution is different. It is built directly into our Authlogics Authenticator Mobile App enabling “something you are doing” any time you need it with the award-winning PINgrid and PINpass technologies – and is included in our single-user licence cost with no custom hardware or expensive roll-out costs. The technology can also be built directly into mobile banking and other applications for seamless user experience.
- No hardware tokens
- No passwords
- Mobile App works 100% Offline
- Seamless step-up from Deviceless OTP and MFA Factor when needed
- Patented, award-winning technology
- Available in all major App Stores
- Risk appropriate security for high value transations
- Rapid deployment
- Simple to use
Our Transaction Verification Technologies
Transaction ID entry screen of the
Authlogics Authenticator Mobile App
Pattern based graphical technology: The user enters the transaction code, looks at the grid and recalls their pattern, enters the One Time Pin.
Enhanced OATH technology: The user enters the transaction code, reads the One Time Pin from the token, enters the OTP.
Frequently Asked Questions
Why is “something you are doing” so important?
When you need to authorise an action you are doing, the authorisation code you are using must have some relation to what you are doing. This is why “something you are doing” is used as an additional factor. Many Internet banking systems, for example, send an authorisation code to perform a task, but they don’t have any relation to the task you are performing.
Hacks like Operation High Roller (and many more) exploit codes that are meant for one thing but the bad guy uses the code for something else. For example, maybe you want to send $100 to your savings account and you are sent a code to authorise it, however malware in your browser has changed the request being sent to the bank to send $10,000 to their account. You then enter the code provided to authorise it and it goes through. Transaction verification prevents these types of attacks.
How would I use PINgrid to authorise a financial transaction?
PINgrid is ideal for authorising mobile payments with transaction verification. An example of how to use it is as follows:
On an Internet banking session, you create a new payee and add their account number via the browser. The bank needs to ensure that the code entered by you in the browser is the one they receive and it hasn’t been tampered with. To do this you enter the bank account number into your Mobile Banking App and a PINgrid challenge is displayed which is unique for the transaction and your device at that moment in time. You then use that grid with your pattern to get your One Time Pin. That OTP will ONLY be able to authorise the correct account number and if malware modifies the account number received by the bank then the code will not be able to authorise the transaction.