SIGN - Push & TAN services

Software-based transaction authorisations for smartphones and desktops. Internet TANs via push and cloud services for online banking, as well as online payments with credit cards.

Online banking has been in existence for over 15 years. It has always relied on the authentication of the user (account number and PIN) and the authorisation of the transaction (TAN). The main communication channel is based on web or mobile applications (transfer); the second channel makes use of special end devices (TAN generator, secoder) or a mobile phone for the communication of the transaction number (authorisation). It is assumed that traditional authorisation mechanisms such as iTAN and mTAN are directly transferred to a smartphone application.

 

Photo gallery: SIGN
TAN via the “push method” for banking and P2P payments.

 

Traditional TAN mechanisms are expensive, insecure and mean that banks are relying on telecommunications providers for security

Many banks shy away from this step because they believe that they will forgo the second, secure communication channel. However, the move to a purely software-based banking system presents considerable advantages:

  • Savings totalling millions of Euros on classical providers and TAN costs

  • Tremendous increase in security thanks to the encrypted transmission of transaction-related data

  • Independent of inflexible telecom providers (SIM cloning)

  • In the event of a process change or when new security vulnerabilities are discovered, no additional hardware CAPEX (change of Flicker / TAN generator)

  • Simple and inexpensive adaptation of all future banking processes thanks to fast software changes

  • Thanks to additional software hardening, SIGN is significantly more secure than the 20-year old SMS process

 

SIGN is secure, fast and inexpensive

In one single app, SIGN provides all these advantages.

  • The server component is executable in the banking system as a Java web application

  • The app component is available for Android and iOS

  • TANs can be generated on the banking host or in the SIGN server

  • You can still use your old "SMS out" interface with your mobile network provider without having to make technical changes in your data centre – thanks to a virtual mobile phone number

  • Thanks to a virtual mobile phone number, all former "SMS-based" banking processes can be carried out without having to make technical changes to the bank's system

  • The app has a messaging client that is encryption-protected, so it can be used for client information and as a guaranteed channel for confidential documents

  • SIGN uses an advanced encrypted authorisation concept that means it can be opened and used by means of various devices (such as a smartwatch) instead of requiring an app password

  • If the Apple or Google cloud services should be unavailable (push channel), the TAN will be provided on a separate, secure poll channel

  • The transaction number can be fully replaced by a confirmation screen

  • Every app is identifiable as an authorised device in the banking system (public private key)

  • The app is integrated in the smartphone hardware with additional ID, hardware and software specificities

 

Additional hardening and security measures available

SIGN clients are available in the form of an app (Android/iOS). All available hardening and security measures for each operating system can be activated in these clients. This allows for secure banking transaction via SIGN even on devices that are compromised.