2FA in the banking world

User name and password - in the past, access to online banking and the financial app was as easy as this, at least in the EC. But these times are over since 14 September 2019. In order to make payments more secure and put a stop to cybercrime, the EC has been requiring strong authentication with two identification elements since 2019, as Switzerland has been doing for several years. This tightening of the rules - keyword PSD2 - not only affects financial transactions, but also access for third-party providers via APIs. The objective is clear: thanks to "open banking", an ecosystem should be promoted that enables data sharing, so that third-party providers can also trigger certain operations and transactions on bank accounts via APIs. In practice, this fundamental rule change means that bank customers as well as third-party providers must use two factors to access accounts.

2FA methods in comparison

The most common 2FA variant at banks is still mTAN, where the customer first enters username and password (factor knowledge) before receiving a transaction number (TAN) on his mobile phone (factor possession) via SMS. However, this variant is not only questionable in terms of security. In terms of user-friendliness, too, mTAN is considered outdated, as the tedious process of typing in TANs is now considered a real imposition. Nowadays there are modern alternatives such as "One-Touch" or "QR Code", also for the approval of transactions. 

Authentication with one touch

With "One-Touch", also in combination with biometric procedures such as Touch ID or Face ID, users are uniquely identified and can carry out their banking transactions with just one touch on the screen. Login to online banking or the approval of a transaction (transaction signing) can be carried out quickly and easily with this technology.

Authentication via QR Code

By scanning a QR code displayed in online banking using the Airlock 2FA app, users can log in or release a transaction in seconds.

2FA - a competitive advantage?

What can only be done through time-consuming processes at established banks, works with FinTechs with scrolling and swiping - the opening of an account, the transfer, the purchase of securities. FinTechs are subject to the same security regulations as traditional banks. However, they handle them differently, e.g. with integrated security solutions based on cIAM and 2FA. This different, smooth handling of digital technologies is one of the main reasons why FinTechs are so well received.

Modern variants of two-factor authentication are thus becoming more important than ever for banks. This raises the next big question for financial service providers who already use a wide range of strong authentication methods: How can the changeover to a modern authentication method take place without presenting customers, internal IT and helpdesk with major challenges?
The integrated approach of two-factor authentication and customer IAM provides decisive answers to this question. The combination of the two solutions allows migration processes to be defined and automated, allowing a gradual changeover. This can be enforced by a deadline or at the next logon. The introduction of the new second factor is designed to be as simple and intuitive as possible.
For example, by sending an e-mail with all the information and instructions for downloading the app, the new authentication and a QR code at the next login, which must then be scanned with the smartphone. This is child's play and that's the way it should be.

 The e-mail or even an information letter can be sent directly from the cIAM. The customer hotline is not used to full capacity.

Blognews directly to your inbox

The Airlock Newsletter informs you continuously about new blog articles.

Subscribe blognews

Comments 0

Write comment

Comments closed

More interesting articles


Every step is a step too much: why mobile banking on a new phone should 'just work'


Determining the perfect second factor – Found the needle in the haystack yet?


3 steps to drive passwordless authentication and obliterate passwords forever - Part 2

Information for you

-Our whitepapers-

Study Application and API Security 2022

In a recent study in cooperation with CIO, CSO and COMPUTERWOCHE, Ergon Airlock looked at application and API security in the container environment.

Request study

Zero Trust is a journey

The digital transformation of the world continues to progress, and it is profoundly affecting private life and job profiles in a manner that was hard to imagine just a few years ago.

This whitepaper covers the effects of continuous digitization and its implications.

Request free of charge

Toward DevSecOps

In this whitepaper, you will learn the most important insights into how you can successfully and efficiently implement DevSecOps, which security components are required for this, and what benefits a microgateway architecture brings.

Request free of charge

Airlock 2FA - Strong Authentication. Easy.

The two-factor authentication in the area of IT security offers double the security.

Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.

Request free of charge

Further whitepapers

We provide whitepapers on these and other topics free of charge:

  • successful IAM projects
  • Compliance
  • Data protection (GDPR)
  • Introduction of PSD2
  • PCI DSS requirements
Request free of charge