Pain points

As the mobile financial environment has become more common and non-face-to-face financial transactions have increased, use of financial service apps is also rising. However, financial damages cases are also rapidly growing as they have become targets of various forms of hacking. Financial service companies introduce numerous security and authentication methods to protect consumers, but various issues arise in the process of using them. In fact, network-based payment tokens are difficult to use in an environment where communication is unstable, and user convenience can be compromised when a financial service app has a step-by-step user authentication process.

Solutions

SSenStone generates non-duplicate dynamic codes through our patented OTAC (One-Time Authentication Code) algorithm even in off-the-network environments without extra infrastructure. See the case of Doku e-wallet infrastructure . The generated verification code replaces the ID/PW and card number based on a fixed value.

A dynamic code that is safe from hacking and leaks is generated.
Dynamic codes are continuously changed even in an environment without a communication network
The dynamic code alone identifies the owner (combining identification and authentication steps).
Dynamic codes have a 0% chance of being duplicated.
All functions can be implemented without changing the existing infrastructure.

Expected Effects with OTAC Dynamic PAN

-Reduction of operating costs by shortening verification time

Recently, hackers who attack IoT devices often manipulate the device firmware to download illegal firmware or plant malware on the device. SSenStone uses hashes of firmware files as a seed when generating OTAC to verify and execute only OTA commands sent from valid IoT servers. Therefore, since the download command from the unauthorized system itself is not approved by the device, it can naturally block the occurrence of illegal software downloads. OTAC Dynamic PAN provides a dynamic payment token generated from the user's mobile device during offline payment. Consumers can use the token to pay using the existing payment infrastructure of the shop or store to the financial service server. It not only reduces the operating cost by shortening the verification time compared to the token server that always requires communication networks, but also supports an environment where users can make payments with zero inconvenience even when offline. In addition, a shop that does not introduce 3D Secure authentication can also prevent payment incidents caused by the leakage of a user's card number, thereby you can reduce the cost of compensation for payment incidents.

-Convenience and security enhancement using dynamic codes

OTAC Dynamic PAN is generated by the user's device and undergoes authentication processes such as fingerprint, iris, and PIN in their device. As it can be used in the same way as the existing card payment method without additional authentication process, it is much simpler. Also, an online shop without 3D Secure authentication allows consumers to pay only with the dynamic payment token provided in the form of a card number, preventing theft and misuse of the card number and enhancing security.

OTAC Device Authentication Token

SSenStone’s OTAC Device Authentication Token generates a new OTAC on the user's device every time, even in an off-the-network environment, and provides it as a dynamic code that can act as 'ID + password + OTP' used for payment authentication. Consumers can also securely store unique values in their devices. In addition, by periodically sending a dynamic code valid only at the present time from the user's device to the server of the financial company, it is possible to check whether the user's device is accessing it from a normal customer's device by a one-way (uni-directional) verification of the received dynamic code.

Expected Effects with OTAC Device Authentication Token

-Support for abnormal transaction detection through device authentication

Since a significant number of financial-related hacking cases involve hackers impersonating users from other devices, many financial companies use fraud detection system (FDS) to defend against hackers targeting electronic financial transactions. However, the FDS method which collects and analyses various information from the payer, requires not only device information but also a large amount of transaction information. It means device authentication for each transaction on FDS is essential. OTAC Device Authentication Token can be used together with FDS to enhance security or replace the functions of FDS.

-Provides convenience through simplified user authentication

Because of the importance of security, financial service apps go through at least two factor authentication (2FA) when making payments or money transfers in addition to logging in. This process not only makes users uncomfortable, but also slows down the speed of the app due to the increase in resources required for authentication. OTAC Device Authentication Token eliminates the inconvenience of frequent logout or re-login when using the platform by reducing unnecessary user authentication steps through device authentication using dynamic codes and extending the session between financial service apps and servers through OTAC verification.

Why OTAC

OTAC, developed by SSenStone, is the original technology that provides all of the following features at the same time.

OTAC is a dynamic code, which means the code keeps changing. As a result, you don’t need to worry about any leak of your personal information, such as your card details, because the codes must have already been changed when others try to use them.
The network connection is NOT necessary at all for generating OTAC.

Reducing an authentication stage that requires the network connection directly means there are fewer gateways for the hackers to access our personal information.

Moreover, this feature enables users to authenticate even when they are in networkless environments, such as on the plane, underground, rural or foreign areas.
swIDch can guarantee that the code never duplicates with anyone at any given moment.

There is NO chance of someone else having the same code.
The users or their devices can be identified with the code alone.

Once OTAC has been generated, providing OTAC alone is already fully sufficient to identify the user as the code is unique.

It means, you can forget about the bundles of static information including IDs and passwords.

The University of Surrey, one of the leading global cyber security companies in the UK, conducted OTAC algorithm analysis and academic verification of SSenStone. For the full text of the thesis, please visit the University of Surrey website and download the report.

University of Surrey Website Download the Report

Contact Us

Improve your authentication environment and
make your service reliable with SSenStone!

Inquire now.

5F, 329, Cheonho-daero Dongdaemun-gu, Seoul, Republic of Korea

Contact below if you have an urgent inquiry.

Korea Office (SSenStone)

5F, 329, Cheonho-daero Dongdaemun-gu, Seoul, Republic of Korea (02622)

Tel : 02-569-9668 | Fax : 02-6455-9668

im@ssenstone.com

UK Office (swIDch)

Office 158, 1st Floor, 3 More London Riverside, London, England, SE1 2RE

Tel : 020-3283-4081

info@swidch.com

OTAC Dynamic Token