Money Transfers

Secure your banking transactions, boost confidence in your online and mobile channels, and provide a consistent user experience for every single customer

Business Challenge

Mitigate social engineering attacks and secure banking transactions for every single customer

Mobile device with a thumbprint and a one-time password

Rigid Security Adds Friction to Customer Experience

Securing customers’ accounts and banking transactions often introduces extra friction and frustrates users

Access Rights Management

Combat Social Engineering Fraud

Social engineering techniques continue to evolve and are used at a large scale. These advanced social engineering techniques are carefully crafted to fool even the most security-minded person 

Customer Case Study

Customer Journeys Are Not All the Same and Lack Consistency

Lack of integrated security between digital channels leads to a poor user experience or may exclude certain end users

Success Story

Swedbank implements OneSpan’s Cronto technology to secure transactions and improve the customer experience


Swedbank is a leading bank with over 7 million retail customers, around 600,000 corporate customers and organizations, 172 branches in Sweden, and 122 branches in the Baltic countries. The group is also present in other Nordic countries, the US, and China


Protect account access and online transactions from social engineering attacks without hindering the customer experience. 


  • OneSpans’s Cronto solution helped achieve compliance with PSD2 authentication and dynamic linking requirements
  • Improved login and transaction signing experience – simple scan and sign
  • OneSpan Cronto solutions are available in a mobile and hardware version to accomodate every customer’s needs

The Solution

Easy and secure transaction authorization (also known as transaction signing) that thwarts social engineering attacks


Mitigate Social Engineering Attacks

OneSpan’s Cronto solutions help prevent fraud and strengthen protection against Trojans, phishing, Man-in-the-middle (MiTM) and Man-in-the-browser (MiTB) attacks

Customer Experience

Easiest User Experience

What you see is what you sign. Simple as that. All transaction data are encrypted and captured in a colored QR code, no manual input required. The user simply scans the code and signs the transaction


Secure Channel and Transaction Authorization

Cronto takes the trust decision out of the user’s hands, ensuring that only the bank can initiate a transaction signature request. The secure channel enables message authenticity


Achieve Compliance Requirements

Cronto solutions ticks all the boxes for PSD2 strong customer authentication (SCA) and dynamic linking requirements

Easy to Integrate

Enable Hybrid Deployments

OneSpan’s Cronto solutions are available in software and hardware versions enabling a hybrid deployment to satisfy the needs of your entire customer base


Online and Offline Availability

Your customer can do business with you anywhere, any time as OneSpan’s Cronto solutions can be used in connected mobile mode as well as offline

OneSpan Global Mobile App Security Vulnerabilities Report
Analyst Report

OneSpan Global Mobile App Security Vulnerabilities Report

Find out which types of apps are most susceptible to repackaging attacks—and what industry benchmarks you should use to assess your own level of app protection. 

Download Now

Combat Online and Mobile Banking Threats

Mitigate Social Engineering Attacks

OneSpan Cronto solutions strenghten protection against account takeover and phishing attacks as well as banking Trojans, Man-in-the-Middle (MitM), and Man-in-the-Browser (MitB) attacks.

Cronto solutions create a unique electronic banking signature for each transaction using details such as account numbers, transaction amounts or any other text or messaging the bank wants to send. This solution preserves data integrity and ensures authenticity, rendering any changes made to a transaction after it has been electronically signed, invalid.

Simple Scan and Sign

Excellent User Experience

Cronto solutions enable fast adoption and are intuitive to use. The “what you see is what you sign” principle is ideally suited for banks and FIs looking to secure digital transactions without compromising on user experience. 

When a user initiates a banking transaction, the details of that transaction are encrypted and presented in a colored QR code. The user simply scans that code and signs the transaction. Cronto solutions offer a passwordless authentication method as no manual input is required to confirm banking transactions.

Digital Bank NewB Relies on OneSpan's Cronto & App Shielding Technology
Case Study

Digital Bank NewB Relies on OneSpan's Cronto & App Shielding Technology

Learn how NewB's customers authenticate their financial transactions with OneSpan's Cronto® technology. Customers have a choice of software or hardware authenticator, but it's the same user experience for all.

Read Now

Secure Channel and Transaction Authorization

Take Control of Transaction Authorization

One of the biggest challenges in combating social engineering is educating and guiding the banking customer to recognize a scam before being tricked into authorizing fraudulent transactions. 

By deploying OneSpan Cronto solutions, the bank is in charge of the authorization process, and the trust decision is taken out of the user’s hands. Only the bank can initiate the creation of a Cronto code, and only the intended recipient’s device can scan the code. All data is encrypted and the secure communication channel ensures message authenticity – the transaction authorization request originates from the bank. In addition, banks can decide to visually alert their customers of high-risk transactions.

Cronto solutions work perfectly together with OneSpan’s Risk Analytics and Intelligent Adaptive Authentication Solutions. By combining solution stacks, banks can dynamically detect fraud, calculate risk scoring, and apply the right level of authentication for each unique transaction in real time.

Achieve PSD2 Compliance Requirements

Achieve PSD2 compliance in a quick and convenient manner with a seamless customer experience

OneSpan Cronto solutions meet PSD2’s Strong Customer Authentication (SCA) and dynamic linking requirements.

These solutions work according to the “What You See Is What You Sign” (WYSIWYS) principle. The payment information is encrypted into a visual code and is — after scanning — shown to the payer who can check the transaction details before authorizing it.

With a “passwordless” approach, a user doesn’t have to trouble themselves with entering transaction data manually onto a device which will ensure fast adoption and high customer satisfaction.

Enable Hybrid Deployments

Satisfy your customers, offer them a solution tailored to their needs

Deploying a solution that ensures fast adoption and fits your customers’ needs can be challenging. OneSpan Cronto solutions are available in a mobile or hardware versions and work offline to deliver continuity when connectivity is poor. With Cronto, banks and financial institutions can deploy a solution that provides a consistent and secure user experience across digital channels while offering their customers a choice between a hardware or software authenticator.

Our customers use Cronto to...

Secure transactions and mobile banking application

The bank implemented Mobile Security Suite with Cronto to meet the PSD2 dynamic linking requirements and help mitigate human risk in banking transactions.

  • Securely sign transactions 
  • Protect the bank’s mobile banking application by integrating application security, biometric authentication, and Cronto technology
  • Meet PSD2 requirements

Provide a simple and convenient user experience for corporate users

Cronto helps the bank to secure transactions by enabling users to check transaction details, like amount and account number, before authorizing the transaction.

  • Exceptional customer experience
  • Counter trojans, such as man-in-the-browser or man-in-the-middle attacks, by establishing a secure connection between the device and the bank
  • Defend against sophisticated attacks, while meeting the PSD2 requirements.

Protect users from account takeover and mobile malware losses

Volkswagen Bank implemented OneSpan’s mobile application security to protect the bank’s financial transactions and help ensure PSD2 compliance while enabling a positive customer experience.

  • Develop and protect PhotoTAN-App, a standalone mobile authentication app solely used to sign transactions initiated either online or via a mobile device. 
  • Seamless customer experience
  • Comply with the PSD2 authentication and dynamic linking requirements
OneSpan Product Use Case Catalog

Use Case Catalogue

Our solution portfolio supports secure, simple end-to-end experiences for your clients. Find out how.

Read now