A major Swiss bank uses the Ergonomics Authentication Server (EAS) for reliable identification of e-banking and m-banking users. In the current configuration, photoTAN (colored barcode) and M-TAN (SMS password) are implemented. The technology used in the SMS scenario works without caching sent passwords, thus eliminating one of the potential attack vectors.
The solution also supports transaction verification with both methods. The financial institution identifies critical or unusual transactions, and asks the customer for an extra confirmation. Critical information, such as amount and destination account are sent to the photoTAN app or via SMS to the customer’s mobile device for approval – attacks that manipulate target account or amount can be detected.
The EAS also supports other technologies for strong authentication and transaction verification, which are not yet used in the current implementation. The EAS is available to all financial institutions as a scalable, flexible and proven solution for securing E-Banking transactions.
More information about the Ergonomics Authentication Server (EAS).