2FA in the banking world

User name and password - in the past, access to online banking and the financial app was as easy as this, at least in the EC. But these times are over since 14 September 2019. In order to make payments more secure and put a stop to cybercrime, the EC has been requiring strong authentication with two identification elements since 2019, as Switzerland has been doing for several years. This tightening of the rules - keyword PSD2 - not only affects financial transactions, but also access for third-party providers via APIs. The objective is clear: thanks to "open banking", an ecosystem should be promoted that enables data sharing, so that third-party providers can also trigger certain operations and transactions on bank accounts via APIs. In practice, this fundamental rule change means that bank customers as well as third-party providers must use two factors to access accounts.

2FA methods in comparison

The most common 2FA variant at banks is still mTAN, where the customer first enters username and password (factor knowledge) before receiving a transaction number (TAN) on his mobile phone (factor possession) via SMS. However, this variant is not only questionable in terms of security. In terms of user-friendliness, too, mTAN is considered outdated, as the tedious process of typing in TANs is now considered a real imposition. Nowadays there are modern alternatives such as "One-Touch" or "QR Code", also for the approval of transactions. 

Authentication with one touch

With "One-Touch", also in combination with biometric procedures such as Touch ID or Face ID, users are uniquely identified and can carry out their banking transactions with just one touch on the screen. Login to online banking or the approval of a transaction (transaction signing) can be carried out quickly and easily with this technology.

Authentication via QR Code

By scanning a QR code displayed in online banking using the Airlock 2FA app, users can log in or release a transaction in seconds.

2FA - a competitive advantage?

What can only be done through time-consuming processes at established banks, works with FinTechs with scrolling and swiping - the opening of an account, the transfer, the purchase of securities. FinTechs are subject to the same security regulations as traditional banks. However, they handle them differently, e.g. with integrated security solutions based on cIAM and 2FA. This different, smooth handling of digital technologies is one of the main reasons why FinTechs are so well received.

Modern variants of two-factor authentication are thus becoming more important than ever for banks. This raises the next big question for financial service providers who already use a wide range of strong authentication methods: How can the changeover to a modern authentication method take place without presenting customers, internal IT and helpdesk with major challenges?
The integrated approach of two-factor authentication and customer IAM provides decisive answers to this question. The combination of the two solutions allows migration processes to be defined and automated, allowing a gradual changeover. This can be enforced by a deadline or at the next logon. The introduction of the new second factor is designed to be as simple and intuitive as possible.
For example, by sending an e-mail with all the information and instructions for downloading the app, the new authentication and a QR code at the next login, which must then be scanned with the smartphone. This is child's play and that's the way it should be.

 The e-mail or even an information letter can be sent directly from the cIAM. The customer hotline is not used to full capacity.

Blognews directly to your inbox

The Airlock Newsletter informs you continuously about new blog articles.

Subscribe blognews

No blog posts

This list contains no blog posts.

Information for you

-Our whitepapers-

Executive View: KuppingerCole - Airlock Secure Access Hub for applications and APIs

This KuppingerCole Executive View report provides an architectural and functional overview of the Airlock Secure Access Hub, an integrated platform for secure access management - a multicloud-native security tool for web applications, APIs and beyond.

 

Fill out the form now and receive Executive View!

Whitepaper: Security for cloud-native applications

You can read about how companies can ensure the security of web applications and APIs in Kubernetes in the white paper "Security for cloud-native applications", which was created in collaboration between heise and Airlock.

 

Request whitepaper

Whitepaper: Zero Trust is a journey

The ongoing digital transformation of the world is progressing and having a profound impact on our personal and professional lives in ways that were difficult to imagine just a few years ago.


This white paper discusses the effects of continuous digitalization and its impact.

Request free of charge

Off to DevSecOps

In this white paper, you will learn the most important insights into how you can implement DevSecOps successfully and efficiently, which security components are required for this and the advantages of a microgateway architecture.

 

Request free of charge

Airlock 2FA - Strong authentication. Simple.

Double security - this is what two-factor authentication offers in the field of IT security.


Find out more about strong authentication and the possibilities offered by Airlock in our white paper.

Download for free

Further whitepapers

We provide you with free white papers on these and other topics:

 

  • Successful IAM projects
  • compliance
  • Data protection (DSGVO)
  • Introduction of PSD2
  • PCI DSS requirementsPCI DSS requirements
Request free of charge