
Mobile transaction authentication signature (mTAS)

PayConfirm is a software platform that performs mobile transaction authentication signature (mTAS) to authenticate or confirm any type of operation, including transactions and e-documents, on a mobile device.


PayConfirm is an mTAS solution for smartphones that allows a bank’s clients to confirm their transactions in any digital channel (online banking, mobile banking, CNP operations, telephone banking (Private bank), and others) with a high level of security and convenience. Compared with transaction confirmation methods such as SMS, one-time passwords, scratch cards, MAC tokens and others, PayConfirm makes the process more secure and user-friendly.

PayConfirm consists of two parts: a server part that is deployed in the bank’s IT infrastructure, and a mobile client (application) for smartphones running iOS (9.0 and above) and Android (4.4 and above). mTAS PayConfirm can be easily embedded into the banking mobile application or work as a customized standalone app.

The signature generated by PayConfirm is based on asymmetric cryptographic algorithms, which means that the bank itself doesn’t store clients’ keys: the digital keys, the so-called “private keys”, are generated and stored in the client’s smartphone and cannot be “intercepted” or reproduced by any third party.

Key points

Confirm any type of operation on the go with PayConfirm:

  • No more retyping of codes from SMS, PUSH notifications and OTP generators;
  • Trusted solution based on cryptography;
  • No denial of service in roaming and offline modes;
  • Real-time notification right on the smartphone.

High level of security:

  • Protection from phishing, social engineering, data switching;
  • SMS interception and SIM swap attack protection;
  • Integration with fraud monitoring systems significantly increases the accuracy of detecting potentially fraudulent transactions.

PayConfirm security

PayConfirm features to secure transactions:

  • In PayConfirm, the transaction authentication signature is generated on the basis of four components: the exact transaction details, a timestamp, the smartphone fingerprint (unique smartphone characteristics) and a private key stored in the client’s smartphone;
  • No OTP or any other codes are used in mTAS PayConfirm, and this reasonably decreases the risk of fraud caused by social engineering.
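
The four-component signature described above, as an added sketch that is not PayConfirm code: it shows why a signature bound to the transaction details, timestamp and device fingerprint fails server-side verification when the payee is switched, the signature comes from another device, or it is replayed later. Ed25519, the JSON field encoding, the freshness window and all function names and sample values are assumptions; the page does not name them.

```javascript
// Added illustration, not PayConfirm code. Ed25519, the JSON encoding and the
// two-minute freshness window are assumptions; the page names no algorithm.
const crypto = require('node:crypto');

// Device: the key pair is created on the phone; the bank only gets the public key.
function enrollDevice() {
  return crypto.generateKeyPairSync('ed25519');
}

// Both sides serialize the signed fields in one fixed order.
function encode(tx, timestamp, fingerprint) {
  return Buffer.from(JSON.stringify(
    [tx.from, tx.to, tx.amount, tx.currency, timestamp, fingerprint]));
}

// Device: sign exactly what was shown to the user, plus time and fingerprint.
function signOnDevice(privateKey, tx, timestamp, fingerprint) {
  return crypto.sign(null, encode(tx, timestamp, fingerprint), privateKey);
}

// Server: rebuild the message from its own copy of the transaction and the
// fingerprint recorded at enrollment, then check freshness and signature.
function verifyOnServer(enrolled, tx, timestamp, signature, now, maxAgeMs = 120000) {
  if (Math.abs(now - timestamp) > maxAgeMs) return 'stale';
  const msg = encode(tx, timestamp, enrolled.fingerprint);
  return crypto.verify(null, msg, enrolled.publicKey, signature) ? 'accepted' : 'rejected';
}

function demo() {
  const { publicKey, privateKey } = enrollDevice();
  const enrolled = { publicKey, fingerprint: 'constructed-fingerprint-A' };
  const t0 = 1700000000000; // constructed timestamp, ms
  const shown = { from: 'ACC-001', to: 'ACC-002', amount: '150.00', currency: 'EUR' };
  const sig = signOnDevice(privateKey, shown, t0, enrolled.fingerprint);
  const cloneSig = signOnDevice(privateKey, shown, t0, 'constructed-fingerprint-B');
  return {
    genuine: verifyOnServer(enrolled, shown, t0, sig, t0 + 5000),
    switched: verifyOnServer(enrolled, { ...shown, to: 'ACC-999' }, t0, sig, t0 + 5000),
    otherDevice: verifyOnServer(enrolled, shown, t0, cloneSig, t0 + 5000),
    replayed: verifyOnServer(enrolled, shown, t0, sig, t0 + 600000),
  };
}

console.log(demo());
```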

Private key’s security:

  • The private key is generated in the user’s smartphone and stored encrypted in a safe;
  • Two independent communication channels are used to activate the PayConfirm app on a user’s smartphone.

Transactions non-repudiation:

  • The user does not just “confirm” payment details but authenticates the transaction, so it is easy to establish when and what exact data was confirmed, who did it and what the result of the confirmation process was;
  • Unlike OTP, in mTAS PayConfirm the full transaction details or agreement data are displayed to the client before confirmation, as well as the confirmation result.