Business Challenge
Mitigate social engineering attacks and secure banking transactions for every single customer
Rigid Security Adds Friction to Customer Experience
Securing customers’ accounts and banking transactions often introduces extra friction and frustrates users
Combat Social Engineering Fraud
Social engineering techniques continue to evolve and are used at a large scale. These advanced social engineering techniques are carefully crafted to fool even the most security-minded person
Customer Journeys Are Not All the Same and Lack Consistency
Lack of integrated security between digital channels leads to a poor user experience or may exclude certain end users
Success Story
Swedbank implements OneSpan’s Cronto technology to secure transactions and improve the customer experience
Customer
Swedbank is a leading bank with over 7 million retail customers, around 600,000 corporate customers and organizations, 172 branches in Sweden, and 122 branches in the Baltic countries. The group is also present in other Nordic countries, the US, and China
Challenge
Protect account access and online transactions from social engineering attacks without hindering the customer experience.
Results
- OneSpans’s Cronto solution helped achieve compliance with PSD2 authentication and dynamic linking requirements
- Improved login and transaction signing experience – simple scan and sign
- OneSpan Cronto solutions are available in a mobile and hardware version to accomodate every customer’s needs
The Solution
Easy and secure transaction authorization (also known as transaction signing) that thwarts social engineering attacks
Mitigate Social Engineering Attacks
OneSpan’s Cronto solutions help prevent fraud and strengthen protection against Trojans, phishing, Man-in-the-middle (MiTM) and Man-in-the-browser (MiTB) attacks
Easiest User Experience
What you see is what you sign. Simple as that. All transaction data are encrypted and captured in a colored QR code, no manual input required. The user simply scans the code and signs the transaction
Secure Channel and Transaction Authorization
Cronto takes the trust decision out of the user’s hands, ensuring that only the bank can initiate a transaction signature request. The secure channel enables message authenticity
Achieve Compliance Requirements
Cronto solutions ticks all the boxes for PSD2 strong customer authentication (SCA) and dynamic linking requirements
Enable Hybrid Deployments
OneSpan’s Cronto solutions are available in software and hardware versions enabling a hybrid deployment to satisfy the needs of your entire customer base
Online and Offline Availability
Your customer can do business with you anywhere, any time as OneSpan’s Cronto solutions can be used in connected mobile mode as well as offline
Analyst Report
OneSpan Global Mobile App Security Vulnerabilities Report
Find out which types of apps are most susceptible to repackaging attacks—and what industry benchmarks you should use to assess your own level of app protection.
Download NowCombat Online and Mobile Banking Threats
Mitigate Social Engineering Attacks
OneSpan Cronto solutions strenghten protection against account takeover and phishing attacks as well as banking Trojans, Man-in-the-Middle (MitM), and Man-in-the-Browser (MitB) attacks.
Cronto solutions create a unique electronic banking signature for each transaction using details such as account numbers, transaction amounts or any other text or messaging the bank wants to send. This solution preserves data integrity and ensures authenticity, rendering any changes made to a transaction after it has been electronically signed, invalid.
Simple Scan and Sign
Excellent User Experience
Cronto solutions enable fast adoption and are intuitive to use. The “what you see is what you sign” principle is ideally suited for banks and FIs looking to secure digital transactions without compromising on user experience.
When a user initiates a banking transaction, the details of that transaction are encrypted and presented in a colored QR code. The user simply scans that code and signs the transaction. Cronto solutions offer a passwordless authentication method as no manual input is required to confirm banking transactions.
Case Study
Digital Bank NewB Relies on OneSpan's Cronto & App Shielding Technology
Learn how NewB's customers authenticate their financial transactions with OneSpan's Cronto® technology. Customers have a choice of software or hardware authenticator, but it's the same user experience for all.
Read NowSecure Channel and Transaction Authorization
Take Control of Transaction Authorization
One of the biggest challenges in combating social engineering is educating and guiding the banking customer to recognize a scam before being tricked into authorizing fraudulent transactions.
By deploying OneSpan Cronto solutions, the bank is in charge of the authorization process, and the trust decision is taken out of the user’s hands. Only the bank can initiate the creation of a Cronto code, and only the intended recipient’s device can scan the code. All data is encrypted and the secure communication channel ensures message authenticity – the transaction authorization request originates from the bank. In addition, banks can decide to visually alert their customers of high-risk transactions.
Cronto solutions work perfectly together with OneSpan’s Risk Analytics and Intelligent Adaptive Authentication Solutions. By combining solution stacks, banks can dynamically detect fraud, calculate risk scoring, and apply the right level of authentication for each unique transaction in real time.
Achieve PSD2 Compliance Requirements
Achieve PSD2 compliance in a quick and convenient manner with a seamless customer experience
OneSpan Cronto solutions meet PSD2’s Strong Customer Authentication (SCA) and dynamic linking requirements.
These solutions work according to the “What You See Is What You Sign” (WYSIWYS) principle. The payment information is encrypted into a visual code and is — after scanning — shown to the payer who can check the transaction details before authorizing it.
With a “passwordless” approach, a user doesn’t have to trouble themselves with entering transaction data manually onto a device which will ensure fast adoption and high customer satisfaction.
Enable Hybrid Deployments
Satisfy your customers, offer them a solution tailored to their needs
Deploying a solution that ensures fast adoption and fits your customers’ needs can be challenging. OneSpan Cronto solutions are available in a mobile or hardware versions and work offline to deliver continuity when connectivity is poor. With Cronto, banks and financial institutions can deploy a solution that provides a consistent and secure user experience across digital channels while offering their customers a choice between a hardware or software authenticator.
Our customers use Cronto to...
Secure transactions and mobile banking application
The bank implemented Mobile Security Suite with Cronto to meet the PSD2 dynamic linking requirements and help mitigate human risk in banking transactions.
- Securely sign transactions
- Protect the bank’s mobile banking application by integrating application security, biometric authentication, and Cronto technology
- Meet PSD2 requirements
Provide a simple and convenient user experience for corporate users
Cronto helps the bank to secure transactions by enabling users to check transaction details, like amount and account number, before authorizing the transaction.
- Exceptional customer experience
- Counter trojans, such as man-in-the-browser or man-in-the-middle attacks, by establishing a secure connection between the device and the bank
- Defend against sophisticated attacks, while meeting the PSD2 requirements.
Protect users from account takeover and mobile malware losses
Volkswagen Bank implemented OneSpan’s mobile application security to protect the bank’s financial transactions and help ensure PSD2 compliance while enabling a positive customer experience.
- Develop and protect PhotoTAN-App, a standalone mobile authentication app solely used to sign transactions initiated either online or via a mobile device.
- Seamless customer experience
- Comply with the PSD2 authentication and dynamic linking requirements
E-book
Use Case Catalogue
Our solution portfolio supports secure, simple end-to-end experiences for your clients. Find out how.
Read now