
SIGNER – SCA METHOD FOR MOBILE

SIGNER – STRONG CUSTOMER AUTHENTICATION (SCA) METHOD FOR MOBILES OR TABLETS

Regulatory compliance, security and the user experience are the 3 main challenges currently facing EU financial market participants:

  • Regulatory compliance is an issue in Europe in the form of PSD2
  • Resisting fraud is a key security priority
  • Retaining existing customers and acquiring new customers is now a question of the simplicity and convenience of the services proposed.

This is hard to achieve when regulatory compliance requirements and fraud resistance appear to directly contradict a pleasant user experience by requiring complex authentication procedures.

We are aware of the innovation-related priorities targeted by EU financial market participants, and we are convinced that our solution has everything needed to meet them:

  • Strong two-factor mobile authentication requiring one single action by the user
  • Biometric mobile authentication factors
  • Single mobile application that combines possession, knowledge and identifier for a pleasant experience

In addition, the PSD2 compliance of our products means you are supported by a reliable and recognized solution, while remaining free to select your own launch method:

– SaaS, or

– On-Premises

For the SaaS model, we choose certified local cloud partners who cover particular jurisdictions where data security laws or regulations require systems to be managed in-country.

 

Overview

A mobile-app-based solution for login authentication and transaction authorization in the Service Provider's customer-facing application, using digital signatures.

GCP Signer is fully compatible with EU regulations on SCA (Strong Customer Authentication).

Our solution is also 3DS 2.0 compliant and satisfies the latest MasterCard directive. It provides for secure enrolment and can be used for authentication and/or transaction confirmation.

 

Customer Enrolment

The Service Provider (financial institution/PSP) configures the enrolment options:

  • password + SMS token (e-TAN)
  • another token combination + information known to the financial institution

A private key is generated for each user's device. The key is generated using biometrics.

 

Use cases

Login

When a user needs to log in to the Service Provider app using Signer:

  1. The server generates a challenge, which is delivered to Signer as a push message or displayed as a QR code on the PSP's web app page.
  2. The user signs the challenge with Signer using one of two options:

  • QR-code scan

After opening the application, the user points the phone camera at the QR code displayed on the screen, reviews the transaction details in Signer and scans a fingerprint to confirm the operation.

  • Push notification

The user opens the push message that appeared on the smartphone, reviews the transaction details in Signer and confirms the operation.

Transaction authorization

For each transaction type, the fields that need to be part of the digital signature can be configured.

When a user needs to confirm a transaction using Signer:

  1. The server sends the appropriate transaction id to Signer by push, or the PSP app presents the transaction id as a QR code.
  2. Signer requests the transaction details from the server.
  3. The user is presented with the transaction details in Signer – WYSIWYS (What You See Is What You Sign).
  4. To confirm (sign) the transaction, the user needs to scan a finger or face.

 

Features

Off-line mode

Signer is capable of generating a digital signature for a transaction when the device doesn't have an Internet connection.

Group payments confirmation

The user can select multiple payments and confirm them in one go. Signer lists the details of each transaction in the group.

Evidence generation

The signature is formed from, and stored along with, the transaction details, which allows the financial institution to prove that a particular transaction was confirmed by a particular user. It also makes it impossible to alter the transaction's details (non-repudiation).
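
The check implied by the transaction authorization steps and the evidence generation feature above, as an added Go example that is not GCP Signer's own code: the signature covers the transaction id plus the fields configured for the transaction type, so a stored record that was altered afterwards no longer verifies. Ed25519, the `payment` field list, the length-prefixed encoding, and every name and sample value here are assumptions made for illustration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Assumed per-type configuration of the fields the signature must cover.
var signedFields = map[string][]string{"payment": {"amount", "currency", "payee"}}

// signedBytes hashes type, id and each configured field, length-prefixed so values cannot shift between fields.
func signedBytes(txType, txID string, tx map[string]string) ([]byte, error) {
	names, ok := signedFields[txType]
	if !ok {
		return nil, fmt.Errorf("unknown transaction type %q", txType)
	}
	h := sha256.New()
	put := func(s string) {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(s)))
		h.Write(n[:])
		h.Write([]byte(s))
	}
	put(txType)
	put(txID)
	for _, name := range names {
		v, ok := tx[name]
		if !ok {
			return nil, fmt.Errorf("missing signed field %q", name)
		}
		put(name)
		put(v)
	}
	return h.Sum(nil), nil
}

// verifyEvidence re-derives the signed bytes from the stored details and checks the stored signature.
func verifyEvidence(pub ed25519.PublicKey, txType, txID string, tx map[string]string, sig []byte) bool {
	msg, err := signedBytes(txType, txID, tx)
	return err == nil && ed25519.Verify(pub, msg, sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // stand-in for the per-device key
	tx := map[string]string{"amount": "125.00", "currency": "EUR", "payee": "Constructed Payee"}
	msg, _ := signedBytes("payment", "tx-0001", tx)
	sig := ed25519.Sign(priv, msg) // what the device would do after the user confirms
	tx["payee"] = "Altered Payee"  // constructed tampering with the stored record
	fmt.Println("altered record verifies:", verifyEvidence(pub, "payment", "tx-0001", tx, sig))
}
```

Fields left out of the configured list are not protected by the signature, so the list should include everything shown to the user on the confirmation screen.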

PSD2 and 3DS2 Compliant

With 3DS 2.0 the consumer experience is simplified and enhanced, through the elimination of the initial enrolment process and removing the need for cardholders to remember static passwords.

Your customers can use Signer for all CNP transactions (cardholder-initiated or subscription payments).

Payments initiated by the customer are confirmed with one single action in full compliance with PSD2 regulation using factors of possession and inherence.

 

You can benefit from different delivery models:

  • Complete solution with centralized authentication server and mobile authenticator app
  • API for integration with your existing customer app