“One-time-password is unpopular because it’s not user-friendly… And on top of it, it’s not 100% secure.” (COO & CTO)
Type: Product
This tool replaces the authentication code sent to customers over SMS: it thereby eliminates security loopholes and improves customer experience.
It includes more features and functions required for a comprehensive digital login.
Service Mgmt. & Support
- 24/7.
- Remote support provided via ticketing system.
- Email groups are available to post questions (counts as a ticket).
- SLA defined for critical/major/minor issues.
- No additional difference for bronze/silver/gold service levels.
Competitor Product
Kobil
RSA
Use Cases & Pain Points Addressed
It is designed to improve the security of transactions through all digital channels, e.g. sensitive sessions such as banking transactions or payments.
In the multi-factor authentication process, it replaces SMS OTP, which is costly and whose cost increases with the number of customers as well as online traffic.
SMS OTPs are not secure:
- It is easy to see the content of SMS messages, e.g. for people who have access to the database on the sender side.
- A SIM card can be copied, allowing the messages sent to a phone to be intercepted.
Simple and seamless user experience:
- SMS OTPs are disliked because the user experience is bad: an SMS must first be received, read, and its code transcribed into the application.
- With Soft OTP there is automatic authentication in the background – without needing messages to be sent and codes to be copied.
Further user experience-related features can be added/activated:
- Push Notification Integration (standard).
- Biometric Integration (Fingerprint, Face, Retina etc.).
- QR Code.
- Captcha Integration.
The application is highly configurable and adaptable to customer needs – usually not requiring any change on legacy side.
Regulatory compliance:
- Full compliance with regulations defining the use of SMS OTP and requiring transaction signing.
- Security is aligned with public, international security standards and protocols.
- Compliant with BDDK & European Banking Regulation & supports COBIT & ITIL standards.
- More than just being a “Soft OTP” replacing the “SMS OTP”, it supports additional features and security mechanisms so that this platform can act as the “brain” of a digital login system.
Key Features & Differentiators
Architecture-level:
- Unlimited scaling thanks to micro-service structure, fully dockerized.
- Supports any operating system, Linux & Windows – unlike a competitor that requires a Windows server and has restrictions on architecture.
- Secure & encrypted logging.
Fast & simple integration, for any secure digital transaction integration:
- Software development kits (SDKs) are part of the solution and support iOS & Android mobile application integration.
- RESTful APIs are available to integrate with online banking, call center, ATM, IVR, etc.
- Highly configurable – no development is needed.
- Ease of Integration & ease of use.
Rich features are being provided from the start, e.g.:
- Push notification & mobile security are bundled in the same product.
- Some competitors don’t support push notification.
- Dedicated SDK can be built on demand as well (TBD with customer).
- Captcha, session name, security picture & QR Code are additional features...
One-product-fits-all-needs approach in which most features are included in the same price (unlike OneSpan).
Much better performance and scalability than a competitor (outdated architecture with bottlenecks).
Costs/Expenses & TCO: comes at a fraction of the cost of international vendor tools (List Price comparison). TCO is reduced:
- SMS messages no longer need to be physically sent.
- Unique licensing model: consistently cheaper, in which the pricing is neither based on the number of transactions nor on the number of users, but on tiers.
Performance benchmark:
At one large customer, 15K transactions/sec can be easily generated with a 1-core CPU (VM), 6 GB.