2FA in the banking world
User name and password - in the past, access to online banking and the financial app was as easy as this, at least in the EC. Those times have been over since 14 September 2019. To make payments more secure and put a stop to cybercrime, the EC has required strong authentication with two identification elements since 2019, as Switzerland has done for several years. This tightening of the rules - keyword PSD2 - affects not only financial transactions but also access for third-party providers via APIs. The objective is clear: "open banking" is meant to promote an ecosystem that enables data sharing, so that third-party providers can also trigger certain operations and transactions on bank accounts via APIs. In practice, this fundamental rule change means that bank customers as well as third-party providers must use two factors to access accounts.
2FA methods in comparison
The most common 2FA variant at banks is still mTAN, where the customer first enters username and password (knowledge factor) before receiving a transaction number (TAN) via SMS on their mobile phone (possession factor). However, this variant is questionable not only in terms of security. In terms of user-friendliness, too, mTAN is considered outdated, as the tedious process of typing in TANs is now seen as a real imposition. Nowadays there are modern alternatives such as "One-Touch" or "QR Code", which can also be used to approve transactions.
Authentication with one touch
With "One-Touch", which can also be combined with biometric procedures such as Touch ID or Face ID, users are uniquely identified and can carry out their banking transactions with just one touch on the screen. Logging in to online banking or approving a transaction (transaction signing) can be done quickly and easily with this technology.
Authentication via QR Code
By scanning a QR code displayed in online banking using the Airlock 2FA app, users can log in or release a transaction in seconds.
2FA - a competitive advantage?
What requires time-consuming processes at established banks works at FinTechs with scrolling and swiping: opening an account, making a transfer, purchasing securities. FinTechs are subject to the same security regulations as traditional banks. However, they handle them differently, e.g. with integrated security solutions based on cIAM and 2FA. This different, smooth handling of digital technologies is one of the main reasons why FinTechs are so well received.
Modern variants of two-factor authentication are thus becoming more important than ever for banks. This raises the next big question for financial service providers who already use a wide range of strong authentication methods: How can the changeover to a modern authentication method take place without presenting customers, internal IT and helpdesk with major challenges?
The integrated approach of two-factor authentication and customer IAM provides decisive answers to this question. The combination of the two solutions allows migration processes to be defined and automated, which makes a gradual changeover possible. The changeover can be enforced by a deadline or at the next logon. The introduction of the new second factor is designed to be as simple and intuitive as possible.
For example, customers receive an e-mail with all the information and instructions for downloading the app and for the new authentication, and at the next login a QR code that must then be scanned with the smartphone. This is child's play and that's the way it should be.
The e-mail or even an information letter can be sent directly from the cIAM. This keeps the customer hotline from being stretched to full capacity.