Simage technologies

Secure internet transactions through mobile authentication

Mobile OTP

Businesses as well as personal banking clients are increasingly depending on e-banking services in today's fast-paced world. Financial institutions worldwide are offering online banking for customer convenience but the service has its own integral risks, especially regarding the security of transactions. Users are often heavily concerned about the safety of their personal details and banking information subjected to fraud. As a result, financial institutions are looking at protecting their reputation and image, by offering e-banking solutions to their customers with the security and convenience they demand. Individuals are also constantly looking for secure methods to make internet transactions.

Mobile OTP Solution

With over 4 billion mobile phone subscriptions worldwide, the mobile phone is becoming popular as a multifunctional device. While the users change their mobile phones regularly, they still use the same SIM card. Financial institutions can now rest easy with the Mobile OTP (one-timepassword) solution implemented in the user's SIM card. Through a mobile device, users are able to generate an OTP. This option enables the financial institutions to offer a secure and easy way for its customers to undertake on-line banking activities.

Banks can implement the service as a value-added feature for customers who sign up for online banking access. Such a service will encourage greater usage of on-line banking services thereby contributing to the financial institution's revenue and creating its brand image as a total banking solutions provider.

The user enters a PIN code to access the OTP application present on the SIM card and generates a 6-digit single-use password. With the OTP and his User ID, a user can access his online banking account. The OTP is generated without an online connection, therefore not requiring any information to be passed to the user via SMS or the availability of full network coverage at all times.

How It Works

A user wants to make a secure internet transaction. Entering the web login page the user is asked to type in the user ID and the password. User starts the OTP application that is loaded in the SIM to create the OTP by entering user's secure application PIN number. The OTP is generated based on open source standard OATH algorithm.

The OTP is generated by the applet and displayed on the mobile phone. The user can type this OTP as a dynamic password into the "password" space of the web login page for a secure web access. The web site owner finally can ask the Central Transaction Platform for validation by taking the OTP together with the user's ID. A MNO (Mobile Network Operator) could also offer its subscriber to use his MSISDN number as the User ID. This way the subscriber has the complete solution out-of-the-box.

With the OTP generated by the SIM application, users can also securely visit websites supporting OpenID standards.

Security

As the OTP is generated with OTP Application PIN, hence it provides a Strong 2-Factor authentication, mobile handset with secure SIM application and application PIN. The connection to the validation server is installed via a secure VPN tunnel which guarantees high security level.

Financial Institution/MNO/ Service Provider Benefits

  • Easy to implement and fast
  • No additional infrastructure or resources are required (authentication servers are hosted at Simage)
  • Less investment cost to provide the service
  • Better reputation and brand image
  • Increase customer base with secure and reliable services
  • Attract customers from other market segments with joint product offering

End User Benefits

  • Mobile handset independent. SIM application works in any handset
  • High secure authentication method
  • Undisputed reliability of services, anywhere, anytime
  • Convenient, fast and simple to use