The Yankee Group projects that more than 40 million U.S. consumers will be using mobile banking by the end of 2012.

Security

Bank.Companion-Mobile Banking Home

Making Mobile Banking a reality-Banking on the go-Mobile Banking Products

Mobile Banking software for Banks, Credit Unions etc

Application Security Features

Approval by Bank – After the Customer is registered, he/she has to be approved by the Bank Operator (with Checker rights). A bank user who has input the details cannot also approve that customer, though he may have the right to approve other registrations. Auto Approval can be enabled if required and is a system-wide parameter.

Activation Key – On approval, the Customer is sent an Activation Key, to which the customer has to reply within the configured time. The time is a configurable parameter. The Activation Key is a value randomly generated by the system and is unique for each customer.

Confirmation Key – When performing financial transactions, a randomly generated key is sent as an SMS to the customer with the transaction details for confirmation. Only on receipt of the SMS with the confirmation key within the configured timeout period will the transaction be processed with the backend.

Optional MPIN – This is an optional mobile PIN for enabling security across transactions, i.e. all pull services. For all the transactions which are configured with the MPIN required flag, the customer has to send the configured MPIN for those transactions. The MPIN is stored in encrypted form in the database.

Account Nick Names – This enables the customer to give a short and secure name to his/her account. The request SMS and the response message will not contain the account number; the account is denoted only by the nick name.

Personalized Service Codes – For Pull Service codes, the customer can configure his/her own keywords/service codes in place of the bank's defaults, to help him/her remember the service with ease and also to secure the service from misuse.

Web Modules

  • User ID/Password
  • Access Profiles
  • Session Timeouts

User Authentication is available in both the Customer and Admin modules, taking into account the user id and password policies of the Bank, such as the minimum length, mix of alpha characters, Account Locking etc. The system supports the minimum password length, the combination of alpha & numeric characters, password ageing/expiry, and password history as configurable parameters within the system.

User Roles are definable in the system by assigning the desired Access Profiles. User Management and Access Profiles are segregated to comply with the Bank's security compliance, so that users who have access to password management for other users may not be given access to modify the profile.

A detailed audit trail module provides reports on the different system accesses and transactions, including approver details for messages. The auditing is complete for the Customers' access of the Customer Module and also for the Bank Users' access of the Administration Module.

The system supports standard encryption levels for passwords supporting RC-1 and Triple DES.

The system can be configured to allow or disallow multiple sessions logged in with the same user id. Session timeouts/expiry are also handled.

Pull Messages

In the case of PULL messages, the Mobile Number is the key to validate the customer, the service and the availability of the required data parameters.

Financial Transactions are confirmed by means of the Confirmation Key, which is randomly generated and sent to the customer, and which the customer must then send back as an SMS to complete the transaction.
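The confirmation-key flow described under Application Security Features and Pull Messages, written out as an added example; it is not the product's own code. The key length, timeout value, attempt limit, salted-hash storage and all names (`ConfirmationStore`, `issue`, `confirm`) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

KEY_DIGITS = 6          # assumed key length
TIMEOUT_SECONDS = 180   # assumed; the page only says the timeout is configurable
MAX_ATTEMPTS = 3        # assumed attempt limit, not stated on the page

class ConfirmationStore:
    """Holds one pending financial transaction per mobile number."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # mobile number -> pending record

    def issue(self, mobile, txn_details):
        """Create a key bound to txn_details; the caller sends it by SMS."""
        key = f"{secrets.randbelow(10 ** KEY_DIGITS):0{KEY_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[mobile] = {
            "salt": salt,
            "digest": self._digest(salt, key),  # the key itself is not stored
            "txn": txn_details,
            "expires": self._clock() + TIMEOUT_SECONDS,
            "attempts": 0,
        }
        return key

    def confirm(self, mobile, key):
        """Return (status, txn); txn is set only when status is 'confirmed'."""
        rec = self._pending.get(mobile)
        if rec is None:
            return "no_pending_transaction", None
        if self._clock() > rec["expires"]:
            del self._pending[mobile]
            return "expired", None
        rec["attempts"] += 1
        if hmac.compare_digest(rec["digest"], self._digest(rec["salt"], key)):
            del self._pending[mobile]  # single use: a replayed SMS finds nothing
            return "confirmed", rec["txn"]
        if rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[mobile]  # stop guessing against a short key
            return "locked", None
        return "wrong_key", None

    @staticmethod
    def _digest(salt, key):
        return hashlib.sha256(salt + key.encode()).digest()
```

Only a `confirmed` status returns the stored transaction details, so the backend processes exactly what was shown to the customer in the SMS rather than anything carried in the reply.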

Push Messages

In the case of PUSH messages, campaign and generic messages have the capability of a maker checker facility which can be enabled to authenticate messages.

The Push/Pull Gateways manage the integrity of messages by ensuring that a proper health check is carried out with the mobile operator prior to sending/receiving messages; the messages are then sent/received and proper acknowledgements are maintained.