All-round security for Odeabank’s application
From Man-in-the-Middle to Man-in-the-Browser attacks, financial institutions are favorite targets of opportunity for electronic thievery. To mitigate these attacks, banks have always purchased different systems to manage different risks. Similarly, the Banking Regulation and Supervision Agency of Turkey, in an effort to reduce risk, stipulated that two-factor authentication is mandatory for performing financial transactions via online banking in Turkey. SMS authentication is common in Turkey, but Odeabank opted for a more innovative and convenient solution: they integrated VASCO’s DIGIPASS for Apps into their mobile banking app.
Odeabank had to comply with the rules issued by the Banking Regulation and Supervision Agency of Turkey, which state that two-factor authentication is mandatory for performing financial transactions via online banking, while delivering a better customer experience.
The bank wanted to integrate the solution into its mobile banking application, which runs on iOS, Android and Windows 8, because it wanted a fast and convenient solution with no friction for the end user.
DIGIPASS for Apps can be integrated and modified easily according to the bank’s needs and guarantees a quick, safe and simple login process.
Key Project Principles
A Convenient Solution
SMS authentication is generally used in Turkey, but this method places a significant burden and cost on banks. Using a single mobile banking application with an integrated one-time password generator results in a safe and faster login process that provides a better user experience. DIGIPASS for Apps also enables developers to secure their application at every level. When using Odeabank Pass’O (the feature that generates the one-time password), users enter a user-defined PIN code to generate an OTP instantly. This OTP is both time- and event-based. The solution also makes it easy to select and implement features such as Touch ID, which, where available, replaces the static PIN code.
Users can activate their mobile app by providing their phone number and internet banking username and password. After activation, they can log in to the mobile banking app by entering the password they created during the activation session. If their device supports Touch ID, they can also use fingerprint scanning instead of entering their static password. In the back-end, a one-time password is generated by the application and sent back automatically to the banking system, so users can get access quickly and easily.
The Odeabank mobile banking app exceeded 60,000 downloads in the first 6 months after its release. Users, who are typically between 20 and 50 years old and live in major cities, demand a secure but very convenient and friction-free application that limits the security burden to a strict minimum. DIGIPASS for Apps helps the Banking Regulation and Supervision Agency of Turkey to decrease login time and increase user convenience with Touch ID functionality.