DIGIPASS CX Explained
End-users are the #1 attack surface globally as identity, credential theft, and social engineering threats are escalating.
DIGIPASS CX solutions protect organizations against sophisticated social engineering attacks while ensuring a secure and simple user experience.
The DIGIPASS CX offering consists of cloud-connected smart devices designed to fulfill different business needs, from authentication and transaction authorization, to document signing and credential storage.
Flexible authentication, document & transaction signing, and credential storage
Accelerate your digital transformation, stop social engineering fraud, and authenticate your users effortlessly. Complete any transaction, anywhere, anytime via any channel, regardless of user device. Streamline your authentication and digital transactions to create an unparalleled user experience with a single DIGIPASS CX device.
DIGIPASS CX is designed to fulfill different business needs, from authentication and transaction authorization, to document signing and credential storage. In addition, DIGIPASS CX solutions support multiple authentication methods – including FIDO2 and OATH – enabling users and integrators to secure their applications and services using the appropriate protocol for each environment.
Simplify the User Experience
Eliminate passwords to improve usability
For many clients, convenience is a top priority, with security taking second place. In fact, more customer churn can result from inconvenience than from fraud. So how can organizations find the right balance between security and the user experience? By eliminating passwords altogether.
DIGIPASS CX eliminates cumbersome passcodes altogether, offering a passwordless approach with a fingerprint biometric — which simplifies the user experience while building trust.
Your users can authenticate and sign transactions and documents anywhere, anytime on any device. DIGIPASS CX solutions can be connected to the desktop via USB but are also Bluetooth/NFC-enabled. This allows them to work seamlessly with any laptop, desktop, tablet, or phone, to ensure maximal user adoption.
Stop Social Engineering Fraud
Mitigate human risk in social engineering with a passwordless approach
Social engineering is not a new concept. In fact, it’s growing. Many organizations have taken steps to address social engineering by strengthening security for users — but even strong two-factor authentication can be circumvented when users are tricked in revealing a one-time password (OTP), as cybercriminals exploit our natural human tendency to trust.
DIGIPASS CX offers a solution. DIGIPASS CX devices eliminate the need for passwords. The solutions work in a connected mode, with the OTP never being disclosed. As there are no passwords to phish, there is a much lower likelihood of exposure to schemes such as adversary-in-the-middle and adversary-in-the-browser attacks, or any other password-reliant account takeover and replay attacks.
Secure Transaction Signing
Mitigate social engineering attacks, and secure banking transactions
Social engineering techniques continue to evolve, and are used on a large scale. Advanced techniques are carefully crafted to deceive even the most security-minded of users. DIGIPASS CX solutions prevent fraud, and strengthen protection against Trojans, phishing, and adversary‑in‑the‑middle attacks. DIGIPASS CX devices work in connected mode, so one-time passwords are not disclosed. Instead, they are encrypted and transferred in the back end, in a way that is seamless and invisible to the end user. The transaction is sent over a secure channel, ensuring message authenticity and integrity.
Securing customers’ accounts and banking transactions often introduces extra friction and frustration for users. DIGIPASS CX offers an intuitive experience they’ll love, with What You See Is What You Sign (WYSIWYS) functionality that ensures all transaction details are encrypted and presented for verification before signing.
Elevate trust in your online and mobile channels, strengthen your client relationships, and meet regulatory requirements with DIGIPASS CX secure transaction signing.
Future-proof Your Solution
All DIGIPASS CX solutions have remote update functionality. As DIGIPASS CX authenticators connect to the Smart Services platform, secure remote updates can be installed on DIGIPASS CX devices even after they have been deployed and distributed.
This gives you the flexibility to activate new features, customize your users’ journey, or modify configuration and security parameters to adapt quickly to evolving technology, changing business needs, and ever-more sophisticated threats.
Benefit from DIGIPASS CX
DIGIPASS CX solutions are offered on a subscription basis. Benefit from innovative and leading authentication and transaction signing solutions for less than the price of a cup of coffee per device per month. Simply choose the subscription tier that covers your business needs. OneSpan offers flexible licensing options, allowing you to easily add, delete or reassign devices to users.
DIGIPASS CX solutions can be securely updated to add new features and functionality. Gain flexibility by choosing a solution that evolves with your business needs or as new compliance regulations come to market, with no need to phase out or replace obsolete hardware authenticators.
Practical use case
Mitigate human risk in banking transactions
DIGIPASS CX provides a phishing-resistant transaction validation solution that will enable banks to offer enhanced security to their customers, regardless of the device or channel they use.
It is the ideal solution to mitigate risk from social engineering and adversary-in-the-middle attacks, as passwords are never disclosed, and can’t be inadvertently shared with fraudsters.
Transactions are sent over a secure channel, so it is impossible to forward malicious transactions, through social media platforms for instance. In addition, private keys and credentials are stored on a secure element and never leave the device.
While the solution provides an intuitive client experience with fingerprint biometrics, it also adapts to evolving business needs — allowing banks and other financial organizations to add features, and even modify transaction workflows after deployment.
Practical use case
Secure Remote Workforce Authentication
The world’s digital transformation and shift to hybrid work has expanded the potential attack surface for cybercriminals. Social engineering attacks are increasing both in volume and sophistication, bringing legitimate concerns for organizations looking to protect their workforce from credential theft and account takeover incidents.
With DIGIPASS CX, OneSpan offers the best user experience, enabling a “work from anywhere on any device” policy that enhances productivity and reduces IT admin hassles without weakening the organization’s security posture. It offers phishing-resistant solutions that disclose no passwords, so they can’t be phished or intercepted by fraudsters. To log on, users simply scan their fingerprint. No password management or helpdesk calls — and productivity is not negatively impacted by a clunky login process. The DIGIPASS Cloud Console allows for easy device management throughout the lifecycle and provides organizations with the ability to add new functionality or extend the use of the device for different business needs such as document signing or Virtual Room.
Practical use case
Ensure compliance with DEA security mandates for EPCS
The US Drug Enforcement Administration (DEA) legalized the use of Electronic Prescriptions for Controlled Substances to help reduce the rising prescription drug abuse problem in the United States. EPCS applications require a successful authentication by physicians in order to initiate any prescription of controlled substances.
The DIGIPASS CX offering fullfills the DEA mandates by offering strong two-factor authentication that utilizes a FIPS 140 Level 3 certified cryptographic module.
DIGIPASS CX offers the highest assurance security and the best user experience, with a simplified login process. Physicians simply authenticate with a fingerprint biometric, ensuring a quick and secure login.