Convego® Mobile Authentication
Our authentication solutions fulfil the strong customer authentication (SCA) requirement of the EU Revised Directive on Payment Services (PSD2). The requirement ensures that electronic payments are performed with multi-factor authentication, to increase the security of electronic payments, and adaption of this need is also seen globally.
Convego® Mobile Authentication in a nutshell
The solution builds on the FIDO UAF industry specifications, providing strong customer authentication via mobile devices (Android, iOS) and using biometric options for user verification. It is powered by Samsung SDS Nexsign technology and provides a balanced combination of usability, security and reduced operating costs. Users authenticate by presenting biometrics such as face, voice or fingerprint.
An end-to-end secured challenge response protocol based on the FIDO lightweight-PKI approach is then executed in the client-server solution, invisible to the user. It assures a strong cryptographic proof of the successful authentication and provides additional attestation on the integrity of the client authenticator. The combination of private key on the user device (possession) and biometrics (inherence) provides a very robust two-factor authentication with scalable security. Depending on the transaction risk, the types of authenticators (e.g. software or hardware) as well as the level of biometrics (e.g. single mode, like fingerprint only or multimodal like face+voice combined) can be freely chosen by server policy. No passwords or PINs are required anymore for the end user.
Accordingly, no cumbersome password-renewal procedures are necessary by the service provider if the user forgets a password. Besides security, user privacy is another key challenge. Our authentication solution addresses this need by storing all biometric data securely encrypted on the user device. No biometric user data ever leaves the device. As a consequence, no biometric server database exists removing any risk of scalable attack.
- Tailored to customer environment using standard APIs
- Flexible private key storage options – WBC, TEE, Card (optional)
- Secure PSD2-compliant solution certified by FIDO and Common Criteria
- Simple user experience with flexible integration of multiple biometrics
- No additional hardware tokens needed
Downloads Convego® Mobile Authentication
Download Trend Reports
PSD2 - the rise of the non‐bank
The introduction of PSD2 has had a hugely powerful effect on the financial services industry, driving a wave of fintech startups and forcing banks to transform and innovate in ways they never have before, ultimately providing a better and more secure service.
How secure is an SMS in authenticating identities?
SMS as a second factor of authentication is not as safe as once imagined – but there are secure alternatives such as FIDO that can deliver a solution that satisfies service providers, and end consumers, whilst also maintaining regulatory compliance.
Our latest innovation allows your cardholders to continue relying on the card that they already have at hand. Strong Customer Authentication use scenarios can be accessed with a single tap on their mobile device.
Convego® CloudPay eCOM and SCA
The biggest concern for e-commerce and online payments is cart abandonment at checkout. Tokenization and Strong Customer Authentication – or what we call delegated authentication – can prevent it and help increase conversions.