Access Security for Online Banking

Why you need access security for web and mobile banking

inWebo access security for web and mobile banking  

While bringing great benefits to customers, online banking has made the business of robing banks less risky and more attractive. Cyberattacks don’t target the bank itself but the customers and their accounts. The sophistication of such attacks has increased as banks were implementing basic password security mechanisms. Protecting accounts against phishing (e.g. with some javascript pin-pad) OR against password stealing (e.g. with some OTP device or push-based notification) is no longer enough since modern attacks combine both techniques.

inWebo access security for web and mobile banking

Our MFA solution for banking applications consists of

  • Client-side OTP-generation libraries, inWebo mAccess and inWebo Helium.
    • These libraries turn the interfaces to your banking applications – your mobile banking App as well as web browsers – into trusted devices, i.e. strong authentication methods.
    • Accessing a user account requires a valid One-Time Password (OTP) generated from one of the user’s trusted devices. Therefore, this defeats attackers who don’t have access to one of the user’s trusted device(s), while making access extremely easy for the legitimate user, since the OTP is generated locally (it is not sent to the user) and is provided automatically (the user doesn’t have to copy-paste it).
    • inWebo authentication libraries can dynamically be used for 1-factor (trusted device), 2-factor (trusted device + a secret or a biometric factor), or even 3-factor authentication (if combined across channels / devices). You can use them to design and implement efficient protection strategies across all online banking channels.
    • Unlike other MFA vendors, 100% of user devices – laptops, tablets, smartphones – are supported. Integrating the library into your web and/or mobile applications is all what it takes, there’s no physical token to provide or manage, no App or plugin to download. It’s a very efficient approach to MFA.
    • The libraries provide an abstraction layer for user credentials management. Your developers don’t need to worry about platform specific security integration.
  • A back-end authentication service and full API. The API’s obvious purpose is to validate OTPs received by your mobile and web banking applications and to enforce the access security policies that you have defined. It also allows you to fully automate credential management, user enrollment (to MFA), and trusted device management. Only with such an automation can you implement security at scale.

What are your options

To get a deeper understanding of our solutions, you may

  • Evaluate inWebo for free and without commitment for 30 days. Note that we have project management, consulting, and integration partners trained in our solutions whom you can ask for an evaluation and a PoC.
  • Request a customized demo. We’ll be happy to show and explain the basics of our solution and answer your questions.