Challenges

As the mobile financial environment has become more common and non-face-to-face financial transactions have increased, use of financial service apps is also rising. However, financial damages cases are also rapidly growing as they have become targets of various forms of hacking. Financial service companies introduce numerous security and authentication methods to protect consumers, but various issues arise in the process of using them. In fact, network-based payment tokens are difficult to use in an environment where communication is unstable, and user convenience can be compromised when a financial service app has a step-by-step user authentication process.

Happy man paying

The solution

swIDch generates non-duplicate dynamic codes through our patented OTAC (One-Time Authentication Code) algorithm even in off-the-network environments without extra infrastructure. The generated verification code replaces the ID/PW and card number based on a fixed value.

 

  • A dynamic code that is safe from hacking and leaks is generated.
  • Dynamic codes are continuously changed even in an environment without a communication network
  • The dynamic code alone identifies the owner (combining identification and authentication steps).
  • Dynamic codes have a 0% chance of being duplicated.
  • All functions can be implemented without changing the existing infrastructure.

 

Doku e-wallet

> Read our Doku case study here

OTAC Dynamic PAN

swIDch’s OTAC Dynamic PAN generates a dynamic card number that changes each time instead of fixed card information to prevent financial accidents caused by card number leakage. The dynamic card number generated based on the OTAC algorithm, the original technology of swIDch, can be issued and registered in the same way as the existing payment process. You can use it as a payment token even if communication with the server is restricted.

[Current tokenization technology]

swIDch_Dynamic Token 01 small

[OTAC applied technology] 

swIDch_Dynamic Token 02 small

Expected Effects with OTAC Dynamic PAN

Reduction of operating costs by shortening verification time

OTAC Dynamic PAN provides a dynamic payment token generated from the user's mobile device during offline payment. Consumers can use the token to pay using the existing payment infrastructure of the shop or store to the financial service server. It not only reduces the operating cost by shortening the verification time compared to the token server that always requires communication networks, but also supports an environment where users can make payments with zero inconvenience even when offline. In addition, a shop that does not introduce 3D Secure authentication can also prevent payment incidents caused by the leakage of a user's card number, thereby you can reduce the cost of compensation for payment incidents.

Convenience and security enhancement using dynamic codes

OTAC Dynamic PAN is generated by the user's device and undergoes authentication processes such as fingerprint, iris, and PIN in their device. As it can be used in the same way as the existing card payment method without additional authentication process, it is much simpler. Also, an online shop without 3D Secure authentication allows consumers to pay only with the dynamic payment token provided in the form of a card number, preventing theft and misuse of the card number and enhancing security.

OTAC Device Authentication Token

swIDch’s OTAC Device Authentication Token generates a new OTAC on the user's device every time, even in an off-the-network environment, and provides it as a dynamic code that can act as 'ID + password + OTP' used for payment authentication. Consumers can also securely store unique values in their devices. In addition, by periodically sending a dynamic code valid only at the present time from the user's device to the server of the financial company, it is possible to check whether the user's device is accessing it from a normal customer's device by a one-way (uni-directional) verification of the received dynamic code.

swIDch_Dynamic Token 03 small

 

● Embedment of OTAC generation module in the user's app

To generate a unique OTAC, the unique value is safely stored in the user's mobile device, and a valid OTAC is generated and transmitted at every point in time

 

● Embedment of OTAC verification module in financial company server

It verifies the periodically transmitted OTAC and assigns a unique value to each user.

 

 

Expected Effects with OTAC Device Authentication Token

 

Support for abnormal transaction detection through device authentication

Since a significant number of financial-related hacking cases involve hackers impersonating users from other devices, many financial companies use fraud detection system (FDS) to defend against hackers targeting electronic financial transactions. However, the FDS method which collects and analyses various information from the payer, requires not only device information but also a large amount of transaction information. It means device authentication for each transaction on FDS is essential. OTAC Device Authentication Token can be used together with FDS to enhance security or replace the functions of FDS.

 

Provides convenience through simplified user authentication

Because of the importance of security, financial service apps go through at least two factor authentication (2FA) when making payments or money transfers in addition to logging in. This process not only makes users uncomfortable, but also slows down the speed of the app due to the increase in resources required for authentication. OTAC Device Authentication Token eliminates the inconvenience of frequent logout or re-login when using the platform by reducing unnecessary user authentication steps through device authentication using dynamic codes and extending the session between financial service apps and servers through OTAC verification.

 

 

 

 

Contact us today

Why swIDch

OTAC, developed by swIDch, is the original technology
that provides all of the following features, tested and substantiated
by the University of Surrey technical report
Why swIDch
DYNAMIC CODE that is
sufficient to IDENTIFY user
Single-step IDENTIFICATION
and AUTHENTICATION
Uni-directional authentication in
off-the-network environment

Single-step identification and authentication with the code alone. Include our biometric option and get single-step MFA. Vastly improved UX by removing steps.

OTAC is a dynamic code, which means the code is constantly changing. Eliminates all use of static information. Forget usernames and passwords forever. Vastly reduced workload for IT helpdesks. 

No network connection required for generating OTAC, enabling uninterrupted use no matter where you are. No more waiting for additional tokens/OTPs and no need for heavy public key infrastructure (PKI). 

 

Highly configurable code parameters and lightweight SDK/applet means wide range of deployment options on many devices across multiple sectors.  

Learn More

'One-time-authentication-code' technical report by University of Surrey Get In touch

Related Topics

Global expansion of card tapping mobile OTP for security and convenience is imminent
If you transfer large sum remittance at once or request sensitive financial information, most global banks ask you either to input mobile one-time passwords (OTPs) generated by mobile banking app, to provide your biometric information via your smartphone, or to type registered PIN codes in order to verify your identity.
Read More
Can convenience and security coexist in digital payment?
The quick and easy way we pay online is the most fundamental agenda of digital transformation accelerated by the pandemic. We live in a world where you can pay for items in your shopping cart with a single click of a purchase button, or transfer money by scanning a QR code without an additional payment process. But, are you sure that your payments are managed safely enough?
Read More
How to make complex authentication processes in payment simpler, more efficient and secure.
Payment card fraud costs the global economy approximately $27.85 billion in a single year, and this is projected to rise to $40.63 billion by 2027, according to The Nilson Report. In addition, information theft incidents continue to occur in the secure digital authentication process, such as a short message service (SMS) for one-time passwords, (OTP) for bank account transfers, and PINs for identity authentication.
Read More