HID Global

HID Global®, a worldwide leader in secure identity solutions, has enhanced its ActivID® authentication offering for digital banking with a push notification solution that gives financial institutions a secure channel and easy method for notifying customers about pending transactions on their phones or tablets, and then proceeding with execution after receiving their authorisation.

ActivID Trusted Transactions solution

“Customers are finding it increasingly difficult to differentiate between legitimate websites, emails, and phone calls originating from their own bank versus those created by fraudsters, making it more difficult for them to spot fraudulent transactions,” said Tim Phipps, vice president of product marketing, Identity Assurance with HID Global. “With our ActivID Trusted Transactions solution, banks can offer far more convenient out-of-band transaction notification and authorisation on mobile devices, which provides customers real-time alerts prior to a suspicious transaction being applied to their account. This places the control back in the customer’s hands by providing them with simple way to confirm the legitimacy of a pending transaction.”

Financial institutions using mobile banking channels have typically relied on simple passwords or out-of-band transaction verification based on one time passwords (OTP) tokens sent via SMS to customers’ mobile devices. Cybercriminals have attacked the end-user’s web browser or this insecure OTP authentication method with SMS malware to take over accounts and make unauthorised transactions, such as large money transfers. These attacks use a variety of phishing, vishing, SMS malware, man-in-the-middle and man-in-the-browser techniques and have eroded consumer confidence in digital banking.

ActivID Authentication Server

To solve this problem, HID Global’s “phone as a token” out-of-band verification solution uses transaction signing with private key cryptography over a trusted and secure electronic channel. All communication is encrypted with mutual authentication between the user’s mobile device and the financial institution’s online banking application. Transaction non-repudiation is ensured by generating the private key outside the financial institution’s backend system and then protecting it to prevent extraction, cloning or access from another application. When a transaction is initiated, the ActivID Authentication Server uses its Mobile Push capability to send an authorisation notification to the user’s registered mobile device with all relevant information and a request to accept or reject it using the server’s ActivID Mobile Signing Software Developer Kit (SDK). Signed responses are returned to the server, which validates and forwards them to the online banking system to grant or deny transactions.

"Trust, total cost of ownership (TCO) and user experience (UX) vary among individual phone-as-a-token methods. Out-of-band (OOB) authentication using push modes offers the best balance of trust and UX, making it the best choice across many use cases," said Ant Allan, analyst with Gartner.

Availability

HID Global’s ActivID Trusted Transactions with Mobile Push capability is available now with the company’s latest ActivID Authentication Server v7.3 release.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

HID Global case studies

HID Global launches massive initiative to ensure African citizens secure personal ID cards and their privileges

It is essential that governments be able to issue identification credentials so citizens can exercise their civic rights and duties, access programs and services, and travel freely to and from other countries. HID Global, globally renowned trusted identity solutions, has enabled numerous African countries to issue millions of these credentials as the company helps to propel a variety of initiatives across the continent aimed at providing “identity for all.” Secure ID card issuance...

HID Global’s IoT enabled platform HID Trusted Tag Services deployed at Tasmania’s Old Kempton Distillery

HID Global, a global provider of trusted identity solutions, announced that Tasmania’s Old Kempton Distillery (OKD) has deployed its Internet of Things (IoT) enablement platform, HID Trusted Tag Services, to combat counterfeiting of its world class whiskeys, gins and other liquor products. HID’s innovative IoT platform for brand protection, combined with the web application developed by local integrator AusNFC, enables Old Kempton Distillery to guard against grey market activities a...

HID Global provides RFID tags to EMBL Grenoble for better handling of biological samples at cryogenic temperatures

HID Global, provider of trusted identity solutions, announces that the European Molecular Biology Laboratory (EMBL) in Grenoble, France has selected HID’s radio frequency identification (RFID) tags and its patented direct bonding technology for automated handling of biological samples at cryogenic temperatures of 196°C (-321° F) in liquid nitrogen. EMBL Grenoble creates high-resolution pictures and 3D atomic models of biological macromolecules using a specialised imaging process c...