2FA in the banking world

User name and password: in the past, access to online banking and the financial app was as easy as this, at least in the EC. Those times have been over since 14 September 2019. To make payments more secure and put a stop to cybercrime, the EC has been requiring strong authentication with two identification elements since 2019, as Switzerland has been doing for several years. This tightening of the rules (keyword: PSD2) affects not only financial transactions but also access for third-party providers via APIs. The objective is clear: "open banking" is meant to promote an ecosystem that enables data sharing, so that third-party providers can also trigger certain operations and transactions on bank accounts via APIs. In practice, this fundamental rule change means that bank customers as well as third-party providers must use two factors to access accounts.

2FA methods in comparison

The most common 2FA variant at banks is still mTAN, where the customer first enters username and password (the knowledge factor) before receiving a transaction number (TAN) via SMS on their mobile phone (the possession factor). This variant is questionable not only in terms of security. It is also considered outdated in terms of user-friendliness, as the tedious process of typing in TANs is now seen as a real imposition. Nowadays there are modern alternatives such as "Zero-Touch", "One-Touch" or "QR Code", which can also be used for the approval of transactions.

Authorisation without interaction

The most elegant authentication method currently available is undoubtedly "Zero-Touch". It uses various channels, such as ambient noise, ultrasound, known Bluetooth devices or the WLAN, to determine whether the user to be identified is currently in a familiar environment. In this way, customers can be securely authenticated without their active involvement and seemingly invisibly.

Authentication with one touch

With "One-Touch", also in combination with biometric procedures such as Touch ID or Face ID, users are uniquely identified and can carry out their banking transactions with just one touch on the screen. Login to online banking or the approval of a transaction (transaction signing) can be carried out quickly and easily with this technology.

Authentication via QR Code

By scanning a QR code displayed in online banking using the Airlock 2FA app, users can log in or release a transaction in seconds.

2FA - a competitive advantage?

What requires time-consuming processes at established banks is done at FinTechs by scrolling and swiping: opening an account, making a transfer, purchasing securities. FinTechs are subject to the same security regulations as traditional banks. However, they handle them differently, e.g. with integrated security solutions based on cIAM and 2FA. This different, smooth handling of digital technologies is one of the main reasons why FinTechs are so well received.

Modern variants of two-factor authentication are thus becoming more important than ever for banks. This raises the next big question for financial service providers who already use a wide range of strong authentication methods: How can the changeover to a modern authentication method take place without presenting customers, internal IT and helpdesk with major challenges?

The integrated approach of two-factor authentication and customer IAM provides decisive answers to this question. The combination of the two solutions allows migration processes to be defined and automated, allowing a gradual changeover. This can be enforced by a deadline or at the next logon. The introduction of the new second factor is designed to be as simple and intuitive as possible.

For example, an e-mail is sent with all the information and instructions for downloading the app and for the new authentication, and a QR code is displayed at the next login, which must then be scanned with the smartphone. This is child's play, and that's the way it should be.

The e-mail, or even an information letter, can be sent directly from the cIAM, so the customer hotline is not stretched to capacity.
