Transaction Signing

Secure your banking transactions, boost confidence in your online and mobile channels, and provide a consistent user experience for every single customer

Business Challenge

Mitigate social engineering attacks and secure banking transactions for every single customer

Unlocked padlock
Combat Social Engineering Fraud

Social engineering techniques continue to evolve and are used at a large scale. These advanced social engineering techniques are carefully crafted to fool even the most security-minded person 
 

Rigid-Authentication-Gray.svg
Rigid Security Adds Friction to Customer Experience

Securing customers’ accounts and banking transactions often introduces extra friction and frustrates users
 

customer case studies
Customer Journeys Are Not All the Same and Lack Consistency

Lack of integrated security between digital channels leads to a poor user experience or may exclude certain end users

Success Story

Swedbank implements OneSpan’s Cronto technology to secure transactions and improve the customer experience

Customer

Swedbank is a leading bank with over 7 million retail customers, around 600,000 corporate customers and organizations, 172 branches in Sweden, and 122 branches in the Baltic countries. The group is also present in other Nordic countries, the US, and China

Challenge

Protect account access and online transactions from social engineering attacks without hindering the customer experience. 

Results

  • OneSpans’s Cronto solution helped achieve compliance with PSD2 authentication and dynamic linking requirements
  • Improved login and transaction siging experience – simple scan and sign
  • OneSpan Cronto solutions are available in a mobile and hardware version to accomodate every customer’s needs

The Solution

Easy and secure transaction signing that thwarts social engineering attacks

Security-Gray.svg
Mitigate Social Engineering Attacks

OneSpan’s Cronto solutions help prevent fraud and strenghten protection against Trojans, phishing, Man-in-the-middle (MiTM) and Man-in-the-browser (MiTB) attacks

User experience gray
Easiest User Experience

What you see is what you sign. Simple as that. All transaction data are encrypted and captured in a colored QR code, no manual input required. The user simply scans the code and signs the transaction

Dark purple, locked padlock with a light colored ring around it
Secure Channel and Transaction Authorization

Cronto takes the trust decision out of the user’s hands, ensuring that only the bank can initiate a transaction signature request. The secure channel enables message authenticity

Compliance gray
Achieve Compliance Requirements

Cronto solutions ticks all the boxes for PSD2 strong customer authentication (SCA) and dynamic linking requirements

Effortless-Deployment-Gray
Enable Hybrid Deployments

OneSpan’s Cronto solutions are available in software and hardware versions enabling a hybrid deployment to satisfy the needs of your entire customer base

Download arrow pointing down at a U-shaped box
Online and Offline Availability

OneSpan’s Cronto solutions can be used in a connected mobile mode as well as offline, ensuring your customer can do business with you anywhere, any time

Combat Online and Mobile Banking Threats

Mitigate Social Engineering Attacks

OneSpan Cronto solutions strenghten protection against account takeover and phishing attacks as well as banking Trojans, Man-in-the-Middle (MitM), and Man-in-the-Browser (MitB) attacks.

Cronto solutions create a unique authorization for each transaction using details such as payment recipients, account numbers, transaction amounts, or any other text or messaging the bank wants to send. This solution preserves data integrity and ensures authenticity, rendering any changes made to a transaction after it has been electronically signed invalid.
 

Simple Scan and Sign

Excellent User Experience

Cronto solutions enable fast adoption and are intuitive to use. The “what you see is what you sign” principle is ideally suited for banks and FIs looking to secure digital transactions without compromising on user experience. 

When a user initiates a banking transaction, the details of that transaction are encrypted and presented in a colored QR code. The user simply scans that code and signs the transaction. Cronto solutions offer a passwordless authentication method as no manual input is required to confirm banking transactions.
 

Secure Channel and Transaction Authorization

Take Control of Transaction Authorization

One of the biggest challenges in combating social engineering is educating and guiding the banking customer to recognize a scam before being tricked into authorizing fraudulent transactions. 

By deploying OneSpan Cronto solutions, the bank is in charge of the authorization process, and the trust decision is taken out of the user’s hands. Only the bank can initiate the creation of a Cronto code, and only the intended recipient’s device can scan the code. All data is encrypted and the secure communication channel ensures message authenticity – the transaction authorization request originates from the bank. In addition, banks can decide to visually alert their customers of high-risk transactions.

Cronto solutions work perfectly together with OneSpan’s Risk Analytics and Intelligent Adaptive Authentication Solutions. By combining solution stacks, banks can dynamically detect fraud, calculate risk scoring, and apply the right level of authentication for each unique transaction in real time.
 

Achieve PSD2 Compliance Requirements

Achieve PSD2 compliance in a quick and convenient manner with a seamless customer experience

OneSpan Cronto solutions meet PSD2’s Strong Customer Authentication (SCA) and dynamic linking requirements.

These solutions work according to the “What You See Is What You Sign” (WYSIWYS) principle. The payment information is encrypted into a visual code and is — after scanning — shown to the payer who can check the transaction details before signing.

With a “passwordless” approach, a user doesn’t have to trouble themselves with entering transaction data manually onto a device which will ensure fast adoption and high customer satisfaction.

Enable Hybrid Deployments

Satisfy your customers, offer them a solution tailored to their needs

Deploying a solution that ensures fast adoption and fits your customers’ needs can be challenging. OneSpan Cronto solutions are available in a mobile or hardware versions and work offline to deliver continuity when connectivity is poor. With Cronto, banks and financial institutions can deploy a solution that provides a consistent and secure user experience across digital channels while offering their customers a choice between a hardware or software authenticator.

Our customers use Cronto to...

Secure transactions and mobile banking application

The bank implemented Mobile Security Suite with Cronto to meet the PSD2 dynamic linking requirements and help mitigate human risk in banking transactions.

  • Securely sign transactions 
  • Protect the bank’s mobile banking application by integrating application security, biometric authentication, and Cronto technology
  • Meet PSD2 requirements
     

Provide a simple and convenient user experience for corporate users

Cronto helps the bank to secure transactions by enabling users to check transaction details, like amount and account number, before signing the transaction.

  • Exceptional customer experience
  • Counter trojans, such as man-in-the-browser or man-in-the-middle attacks, by establishing a secure connection between the device and the bank
  • Defend against sophisticated attacks, while meeting the PSD2 requirements.
     

Protect users from account takeover and mobile malware losses

Volkswagen Bank implemented OneSpan’s mobile application security to protect the bank’s financial transactions and help ensure PSD2 compliance while enabling a positive customer experience.

  • Develop and protect PhotoTAN-App, a standalone mobile authentication app solely used to sign transactions initiated either online or via a mobile device. 
  • Seamless customer experience
  • Comply with the PSD2 authentication and dynamic linking requirements