MONET+ implemented a consolidated authentication solution for ČSOB based on the CASE authentication server and the CASE mobile authentication method (ČSOB Smart Key) for Android, iOS, and Windows platforms.
The client's requirements
While developing its online banking channels, the bank sought a new method to handle client security that would cover:
Secure and fast login to the electronic service
Transaction authorization and signatures, including a full visualization of the transaction based on the given means of authentication
The new authentication method was primarily intended to replace STS OTP codes and was targeted towards users of smartphones and tablets running all key operating systems: Apple’s iOS, Google’s Android, and Microsoft Windows.
The solution delivered
During 2014-2015, MONET+ implemented a consolidated authentication solution for ČSOB based on the CASE authentication server and the CASE mobile authentication method (ČSOB Smart Key) for Android, iOS, and Windows platforms.
To support the lifecycle of the new authentication method, MONET+ provided tools for remote management of the mobile app’s dynamic content (graphics, help, etc.), a solution comprising full transaction visualization dynamically adapted to the contents / channel / transaction (WYSIWYS), as well as a push server for proactive communication with the mobile app.
The app is designed to be user-friendly, respecting the UX concepts and specifications of each mobile platform.
Integral parts of the delivery were security components (a cryptographic SDK for the mobile platforms, a security gateway, and secure storage of sensitive information on the server).
Benefits of the delivered solution
A full authentication method for smartphone users compliant with PSD2 regulatory requirements (strong authentication as well as the readiness of the method to handle different channels, including those of third parties).
Given the large number of ČSOB’s digital channels, the new authentication method was designed to be channel-neutral. When utilized with a specific electronic channel or service, the mobile app visually adapts to the service that generates the demand for authentication or authorization (by way of a specific transaction visualization).
In addition to online authentication over a data network, the app can be run in offline mode to generate one-time passwords or signature codes, using a QR code to transmit transaction data to the mobile app.