As the mobile financial environment has become more common and non-face-to-face financial transactions have increased, use of financial service apps is also rising. However, cases of financial damage are also growing rapidly as these apps have become targets of various forms of hacking. Financial service companies introduce numerous security and authentication methods to protect consumers, but various issues arise in the process of using them. In fact, network-based payment tokens are difficult to use in an environment where communication is unstable, and user convenience can be compromised when a financial service app has a step-by-step user authentication process.
swIDch generates non-duplicate dynamic codes through our patented OTAC (One-Time Authentication Code) algorithm, even in off-the-network environments and without extra infrastructure. The generated verification code replaces fixed-value credentials such as the ID/password and card number.
- A dynamic code that is safe from hacking and leaks is generated.
- Dynamic codes change continuously, even in an environment without a communication network.
- The dynamic code alone identifies the owner (combining identification and authentication steps).
- Dynamic codes have a 0% chance of being duplicated.
- All functions can be implemented without changing the existing infrastructure.
OTAC Dynamic PAN
swIDch’s OTAC Dynamic PAN generates a dynamic card number that changes each time, instead of fixed card information, to prevent financial incidents caused by card number leakage. The dynamic card number, generated with the OTAC algorithm, swIDch's original technology, can be issued and registered in the same way as in the existing payment process. It can be used as a payment token even if communication with the server is restricted.
[Current tokenization technology]
[OTAC applied technology]
Expected Effects with OTAC Dynamic PAN
Reduction of operating costs by shortening verification time
OTAC Dynamic PAN provides a dynamic payment token generated on the user's mobile device during offline payment. Consumers can use the token to pay over the existing payment infrastructure that runs from the shop or store to the financial service server. It not only reduces operating costs by shortening the verification time compared with a token server that always requires a communication network, but also supports an environment where users can make payments with zero inconvenience even when offline. In addition, a shop that has not introduced 3D Secure authentication can also prevent payment incidents caused by the leakage of a user's card number, which reduces the cost of compensation for payment incidents.
Convenience and security enhancement using dynamic codes
OTAC Dynamic PAN is generated by the user's device and goes through on-device authentication such as fingerprint, iris, and PIN. Because it can be used in the same way as the existing card payment method, with no additional authentication process, it is much simpler. Also, an online shop without 3D Secure authentication can let consumers pay with only the dynamic payment token, provided in the form of a card number, which prevents theft and misuse of the card number and enhances security.
OTAC Device Authentication Token
swIDch’s OTAC Device Authentication Token generates a new OTAC on the user's device every time, even in an off-the-network environment, and provides it as a dynamic code that can act as the 'ID + password + OTP' used for payment authentication. Consumers can also securely store unique values on their devices. In addition, the user's device periodically sends a dynamic code that is valid only at the present time to the financial company's server, and a one-way (uni-directional) verification of the received code lets the server check whether access is coming from the legitimate customer's device.
● Embedding the OTAC generation module in the user's app
To generate a unique OTAC, the unique value is safely stored on the user's mobile device, and a valid OTAC is generated and transmitted at every point in time.
● Embedding the OTAC verification module in the financial company's server
It verifies the periodically transmitted OTAC and assigns a unique value to each user.
Expected Effects with OTAC Device Authentication Token
Support for abnormal transaction detection through device authentication
Since a significant number of finance-related hacking cases involve hackers impersonating users from other devices, many financial companies use a fraud detection system (FDS) to defend against hackers targeting electronic financial transactions. However, the FDS method, which collects and analyses various information from the payer, requires not only device information but also a large amount of transaction information. This means device authentication for each transaction on FDS is essential. OTAC Device Authentication Token can be used together with FDS to enhance security or replace the functions of FDS.
Provides convenience through simplified user authentication
Because of the importance of security, financial service apps go through at least two-factor authentication (2FA) when making payments or money transfers, in addition to logging in. This process not only inconveniences users, but also slows down the app because of the increase in resources required for authentication. OTAC Device Authentication Token eliminates the inconvenience of frequent logouts and re-logins when using the platform: device authentication using dynamic codes reduces unnecessary user authentication steps, and OTAC verification extends the session between financial service apps and servers.
that provides all of the following features, tested and substantiated by the University of Surrey technical report
Sufficient to IDENTIFY user
that does NOT duplicate
in off-the-network environment
OTAC is a dynamic code, which means the code keeps changing. As a result, you don’t need to worry about any leak of your personal information, such as your card details, because the codes will already have changed by the time others try to use them.
A network connection is NOT necessary at all for generating OTAC.
Reducing the authentication stages that require a network connection directly means there are fewer gateways for hackers to access our personal information.
Moreover, this feature enables users to authenticate even when they are in networkless environments, such as on a plane, underground, or in rural or foreign areas.
swIDch can guarantee that the code is never duplicated with anyone else's at any given moment.
There is NO chance of someone else having the same code.
The users or their devices can be identified with the code alone.
Once OTAC has been generated, providing OTAC alone is already fully sufficient to identify the user as the code is unique.
This means you can forget about the bundles of static information, including IDs and passwords.