OTAC Dynamic Token
swIDch promotes the evolution of more safe and efficient authentication
of financial company apps through dynamic codes that are generated in
real time even in networkless environments.
Challenges
As the mobile financial environment has become more common and non-face-to-face financial transactions have increased, use of financial service apps is also rising. However, financial damages cases are also rapidly growing as they have become targets of various forms of hacking. Financial service companies introduce numerous security and authentication methods to protect consumers, but various issues arise in the process of using them. In fact, network-based payment tokens are difficult to use in an environment where communication is unstable, and user convenience can be compromised when a financial service app has a step-by-step user authentication process.
The solution
swIDch generates non-duplicate dynamic codes through our patented OTAC (One-Time Authentication Code) algorithm even in off-the-network environments without extra infrastructure. The generated verification code replaces the ID/PW and card number based on a fixed value.
- A dynamic code that is safe from hacking and leaks is generated.
- Dynamic codes are continuously changed even in an environment without a communication network
- The dynamic code alone identifies the owner (combining identification and authentication steps).
- Dynamic codes have a 0% chance of being duplicated.
- All functions can be implemented without changing the existing infrastructure.
OTAC Dynamic PAN
swIDch’s OTAC Dynamic PAN generates a dynamic card number that changes each time instead of fixed card information to prevent financial accidents caused by card number leakage. The dynamic card number generated based on the OTAC algorithm, the original technology of swIDch, can be issued and registered in the same way as the existing payment process. You can use it as a payment token even if communication with the server is restricted.
[Current tokenization technology]
[OTAC applied technology]
Expected Effects with OTAC Dynamic PAN
Reduction of operating costs by shortening verification time
OTAC Dynamic PAN provides a dynamic payment token generated from the user's mobile device during offline payment. Consumers can use the token to pay using the existing payment infrastructure of the shop or store to the financial service server. It not only reduces the operating cost by shortening the verification time compared to the token server that always requires communication networks, but also supports an environment where users can make payments with zero inconvenience even when offline. In addition, a shop that does not introduce 3D Secure authentication can also prevent payment incidents caused by the leakage of a user's card number, thereby you can reduce the cost of compensation for payment incidents.
Convenience and security enhancement using dynamic codes
OTAC Dynamic PAN is generated by the user's device and undergoes authentication processes such as fingerprint, iris, and PIN in their device. As it can be used in the same way as the existing card payment method without additional authentication process, it is much simpler. Also, an online shop without 3D Secure authentication allows consumers to pay only with the dynamic payment token provided in the form of a card number, preventing theft and misuse of the card number and enhancing security.
OTAC Device Authentication Token
swIDch’s OTAC Device Authentication Token generates a new OTAC on the user's device every time, even in an off-the-network environment, and provides it as a dynamic code that can act as 'ID + password + OTP' used for payment authentication. Consumers can also securely store unique values in their devices. In addition, by periodically sending a dynamic code valid only at the present time from the user's device to the server of the financial company, it is possible to check whether the user's device is accessing it from a normal customer's device by a one-way (uni-directional) verification of the received dynamic code.
● Embedment of OTAC generation module in the user's app
To generate a unique OTAC, the unique value is safely stored in the user's mobile device, and a valid OTAC is generated and transmitted at every point in time
● Embedment of OTAC verification module in financial company server
It verifies the periodically transmitted OTAC and assigns a unique value to each user.
Expected Effects with OTAC Device Authentication Token
Support for abnormal transaction detection through device authentication
Since a significant number of financial-related hacking cases involve hackers impersonating users from other devices, many financial companies use fraud detection system (FDS) to defend against hackers targeting electronic financial transactions. However, the FDS method which collects and analyses various information from the payer, requires not only device information but also a large amount of transaction information. It means device authentication for each transaction on FDS is essential. OTAC Device Authentication Token can be used together with FDS to enhance security or replace the functions of FDS.
Provides convenience through simplified user authentication
Because of the importance of security, financial service apps go through at least two factor authentication (2FA) when making payments or money transfers in addition to logging in. This process not only makes users uncomfortable, but also slows down the speed of the app due to the increase in resources required for authentication. OTAC Device Authentication Token eliminates the inconvenience of frequent logout or re-login when using the platform by reducing unnecessary user authentication steps through device authentication using dynamic codes and extending the session between financial service apps and servers through OTAC verification.
Contact us today
Why swIDch
that provides all of the following features, tested and substantiated
by the University of Surrey technical report
sufficient to IDENTIFY user
and AUTHENTICATION
off-the-network environment
Single-step identification and authentication with the code alone. Include our biometric option and get single-step MFA. Vastly improved UX by removing steps.
OTAC is a dynamic code, which means the code is constantly changing. Eliminates all use of static information. Forget usernames and passwords forever. Vastly reduced workload for IT helpdesks.
No network connection required for generating OTAC, enabling uninterrupted use no matter where you are. No more waiting for additional tokens/OTPs and no need for heavy public key infrastructure (PKI).
Highly configurable code parameters and lightweight SDK/applet means wide range of deployment options on many devices across multiple sectors.