Digipass® Cronto visual transaction signing
Bring clarity and control to digital banking by enabling visual transaction verification. Digipass® Cronto helps stop advanced fraud, protect high-value operations, and build confidence with every transaction.
Mitigate phishing and social engineering attacks
Cronto authentication devices ensure transaction integrity and reduce the risk of fraud, deception, and unauthorized approvals through an encrypted visual code known as a Cronto cryptogram.
By shifting transaction authorization control from the user to the bank, Cronto hardware devices neutralize phishing and social engineering attempts. This ensures mutual authentication – only the bank can create valid Cronto codes, and only the intended user’s device can decrypt and verify them.
Additional safeguards include:
- Time-limited validity for Cronto images
- Intelligent prevention of stealing and re-sharing Cronto images
- Brute force protection with device lockouts after multiple failed attempts
See what you sign
Create a secure, bank-controlled approval flow with visual transaction signing.
WYSIWYS: Know exactly what you approve
Cronto authenticators feature a trusted, secure display that presents transaction details in a clear and intuitive format, ensuring what you see is what you sign (WYSIWYS).
The devices guide users through a programmable, step-by-step approval process, helping to prevent errors and misunderstandings while keeping user awareness at its highest.
The dynamic transaction confirmation dialog changes based on the assessed risk level. It highlights critical details and prompts, allowing banks to tailor interactions to specific transaction types and risk profiles. This reinforces security without relying solely on user vigilance.
Effortless user experience without compromise
With Digipass Cronto authenticators, secure banking is as simple as scanning and signing.
Cronto images bypass the need for users to manually type in transaction details or codes, and transaction details are instantly displayed for review. This intuitive, low-friction authentication experience ensures quick adoption.
Regardless of low light or shaky hands, the device’s high-performance scanning works in a wide range of real-world environments to ensure reliability and accessibility when and where customers need it.
Seamless compliance with PSD2 dynamic linking
Cronto is purpose-built to meet and exceed the strong customer authentication and dynamic linking requirements of the Revised Payment Services Directive (PSD2).
The encrypted Cronto image contains transaction-specific data such as the amount and recipient details, which are decrypted and shown to the user before approval. This ensures the authentication code is cryptographically bound to the actual transaction data, making any tampering detectable and invalid.
Cronto satisfies regulatory mandates while delivering a fast, transparent, and user-friendly experience. Financial institutions can implement it with confidence, knowing it’s a fully compliant solution for today’s stringent security standards.
Solution spotlight:
Safeguard financial transactions with Digipass® FX2 for phishing-resistant transaction security
Approve transactions confidently with real-time validation on a trusted device.
Product selector
Preserve the integrity of every customer interaction with our Digipass Cronto visual signing devices. Whether it's securing online banking, authorizing high-value transfers, or meeting compliance mandates, our devices offer the reliability, auditability, and fraud resistance the financial sector demands.
Product | Description | Battery | Built-in camera | PIN protected | What you see is what you sign | Datasheet |
|---|---|---|---|---|---|---|
Digipass FX2  | Uniquely combines FIDO2 phishing-resistant authentication with Cronto's trusted visual transaction signing, delivering unmatched security and user confidence. | Rechargeable |
|
|
| |
Digipass 770  | A compact Cronto-based visual transaction signing device that enables fast, secure approvals by scanning encrypted color QR codes, ideal for high assurance verification. | Replaceable |
|
|
| |
Digipass 772  | A versatile Cronto visual signing device to ensure seamless transaction signing and strong authentication. | Replaceable |
|
|
| |
Digipass 882  | Integrates enhanced standard smart card reader technology with a future-proof Cronto transaction signing experience. | Replaceable |
|
|
|
Frequently asked questions
- What is Cronto?
- Cronto is an innovative visual transaction signing solution that allows financial institutions to offer a secure and user-friendly transaction flow.
- It has been designed to thwart social engineering and phishing attacks by taking the "trust" decisions out of the hands of the user, and ensuring only the bank can initiate a transaction signature request.
- The bank controls the authorization process: Cronto assures the bank that a user can only authorize a legitimate transaction.
- A secure communication channel that enables message authenticity: Cronto assures the user that the transaction authorization request is coming from the bank.
- Enhanced WYSIWYS (What You See Is What You Sign) process: Cronto provides a complete and accurate picture of the transaction to the user for review and authorization. To eliminate the "authorization routine", banks can visually and dynamically alert users of high-risk transactions
- How does it work?
- The concept is very simple. The Cronto solution utilizes a unique visual challenge contained in a graphical cryptogram consisting of a matrix of colored dots displayed on the customer's PC screen. The cryptogram contains all transaction data, including the device used, the transaction amount, and recipient account details.
- The customer uses the camera in their mobile phone or a dedicated hardware device to capture this cryptogram by taking a picture of the screen. If the image is untampered with, the customer is then presented with critical transaction information, like payment details, decoded securely from the visual cryptogram image.
- The customer can then check transaction details on the screen of the phone or hardware device to confirm that this transaction is genuine. S/he is reassured that a Banking Trojan has not altered his payment instruction. An authentication code is then generated on the customer phone or device and is passed back to the bank's server to complete the transaction.
- Do end users need to install additional software or drivers to be able to use Cronto?
- There is no installation of any application, plugin, add-on, or other software required to start using Cronto devices. This allows banks to save costs on helpdesk servicing and additional software maintenance.
- Why is Cronto preferred over generic QR codes?
- Cronto was designed specifically for digital banking, where accuracy and speed are critical. Unlike generic QR codes, Cronto visual codes are optimized for high performance, high data capacity, and secure transaction signing. This ensures an immediate and reliable response with minimal errors.
- QR codes, on the other hand, were not built with banking transactions in mind. As the amount of data grows, their decoding performance slows down, the error margin increases, and the user experience can suffer — especially in low resolution or poor lighting conditions.
- Cronto overcomes these limitations, making it the trusted choice for secure, user-friendly transaction signing in digital banking.
- Can I customize my Digipass Cronto visual transaction signing authenticator?
- Yes, the hardware device can be customized to reflect your corporate branding.
Build customer trust with advanced transaction security
Cronto is trusted by leading banks to safeguard millions of transactions while delivering a seamless user experience. Whether you're looking to strengthen online banking, reduce fraud, or meet regulatory mandates, Cronto is your complete solution for secure transaction signing.
