Passwords, as well as most of today’s strong customer authentication (SCA) methods, are susceptible to phishing and man-in-the-middle attacks. For technical reasons, they cannot check the actual domain (URL) in the user’s browser address bar. All information a user enters into a fraudulent phishing website is instantly compromised. Hanko’s WebAuthn technology makes sure that the user can only authenticate on the legitimate bank website or app, nowhere else. #ByeByePhishing
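The origin binding described above can be seen in the checks a WebAuthn relying party runs on each login assertion. The following is an added example, not Hanko's code: the origin `https://bank.example`, the RP ID `bank.example`, the function names and the sample data are assumptions constructed for illustration, and signature verification is a separate step that is not shown.

```python
import base64
import hashlib
import hmac
import json

# Assumed relying-party settings for illustration (not from the page).
EXPECTED_ORIGIN = "https://bank.example"
RP_ID = "bank.example"

def b64url_decode(s):
    # WebAuthn encodes the challenge as unpadded base64url.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def check_assertion_binding(client_data_json, authenticator_data, expected_challenge):
    """Return the list of failed binding checks; an empty list means all passed.
    Verifying the signature over authenticator_data || SHA-256(client_data_json)
    with the stored credential public key is still required and not shown here."""
    errors = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        errors.append("type")
    # The challenge ties the response to this server-issued login attempt.
    got = b64url_decode(client_data.get("challenge", ""))
    if not hmac.compare_digest(got, expected_challenge):
        errors.append("challenge")
    # The browser, not the user or the page, writes the origin it actually loaded.
    if client_data.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin")
    # Authenticator data: 32-byte rpIdHash, 1 flags byte, 4-byte signature counter.
    if len(authenticator_data) < 37:
        errors.append("authenticator_data_length")
        return errors
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("rp_id_hash")
    if not authenticator_data[32] & 0x01:  # bit 0 = user present
        errors.append("user_present")
    return errors

def build_sample(origin, rp_id, challenge):
    """Constructed sample data shaped like what a browser and authenticator return."""
    encoded = base64.urlsafe_b64encode(challenge).rstrip(b"=").decode()
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": encoded, "origin": origin}
    ).encode()
    # Flags 0x05 = user present + user verified; counter = 1.
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([0x05]) + (1).to_bytes(4, "big")
    return client_data, auth_data

if __name__ == "__main__":
    challenge = b"\x01" * 32  # constructed; a real server uses fresh random bytes
    print(check_assertion_binding(*build_sample(EXPECTED_ORIGIN, RP_ID, challenge), challenge))
    print(check_assertion_binding(*build_sample("https://bank.example.login.test", "login.test", challenge), challenge))
```

Because the browser fills in the origin and the authenticator signs over the RP ID hash, a response produced on a look-alike domain fails these checks at the bank's server even if the user is fooled.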
For strong customer authentication in mobile banking apps, many banks already make use of the biometrics capabilities of iOS and Android devices. With Hanko’s WebAuthn technology, biometric authentication also becomes available in browser-based applications. WebAuthn is THE web standard for what is described as “device binding” in PSD2 regulation. Instead of a password and an authentication code generated by a card reader or sent by SMS, biometric interfaces like Windows Hello or Touch ID can be used for PSD2-compliant, password-free, and hardware-agnostic SCA - in mobile apps as well as on the banking website. WebAuthn also allows for standardized FIDO Security Keys if dedicated hardware is still needed.
Hanko’s WebAuthn technology can be used for customer logins (“access to account”) as well as for securing transactions. As most end-user devices are already WebAuthn-capable, legacy SCA methods can soon be deprecated.
By replacing passwords and working with native device capabilities, your SCA for logins and transactions becomes as easy to use as Apple Pay and Google Pay. The result is smooth and easy transactions and secure banking.
The decision for FIDO must be considered as part of the bank’s IT strategy. As an active FIDO Alliance member and technology provider for passwordless authentication, Hanko offers FIDO-certified infrastructure for banks and financial services to set up PSD2-compliant SCA with FIDO.
Replace SMS SCA and proprietary CAP readers
The established global standard for 2FA/SCA
Innovative and seamless user experience
Completely prevents phishing and account takeovers
Reduced operational overheads for multiple SCA methods