HID Global said it enhanced its ActivID authentication offering for digital banking with a push notification solution.
The new addition to the ActivID gives financial institutions a secure channel and easy method for notifying customers about pending transactions on their phones or tablets, and then proceeding with execution after receiving their authorization.
According to HID, when a transaction is initiated, the ActivID Authentication Server uses its Mobile Push capability to send an authorization notification to the user’s registered mobile device with all relevant information and a request to accept or reject it using the server’s ActivID Mobile Signing Software Developer Kit (SDK).
Signed responses are returned to the server, which validates and forwards them to the online banking system to grant or deny transactions.
The enhanced ActivID solution is available now with the company’s latest ActivID Authentication Server v7.3 release.
“Customers are finding it increasingly difficult to differentiate between legitimate websites, emails, and phone calls originating from their own bank versus those created by fraudsters, making it more difficult for them to spot fraudulent transactions,” said Tim Phipps, vice president of product marketing, Identity Assurance with HID Global.
HID Global noted that cybercriminals have attacked the end-user’s web browser or insecure OTP authentication method with SMS malware to take over accounts and make unauthorized transactions, such as large money transfers.
These attacks use a variety of phishing, SMS malware, man-in-the-middle and man-in-the-browser techniques and have eroded consumer confidence in digital banking.
HID Global said its “phone-as-a-token” out-of-band verification solution solves this issue using transaction signing with private key cryptography over a trusted and secure electronic channel.
All communication is encrypted with mutual authentication between the user’s mobile device and the financial institution’s online banking application.