Nedbank plans to implement an interactive transaction authentication (ITA) system, designed by Stellenbosch based Entersekt, a mobile technology company offering banks an innovative solution for secure online and mobile banking. Known as 'Approve-it', it will provide greater protection against online fraud for their customers.
Schalk Nolte, CEO of Entersekt says, "Banks worldwide are recognizing the value of using mobile devices as an additional security device for online banking. However most banks currently send one-time passwords" (OTP) by SMS to their customers who wish to execute sensitive online transactions.
The weakness in this system is that the customer is then required to enter the OTP onto the bank's online site. If the bank's internet site is mimicked by a fraudster (i.e. a phishing site), the transaction is compromised. This solution eliminates this type of fraud in a customer friendly way. The bank sends a customer a cellphone prompt to confirm or deny a sensitive transaction through a simple "accept" or "reject" response, protecting the customer from current phishing scams, which lure customers to enter an OTP into a fake site. In addition, it eliminates the hassle to the customer of keying in the OTP as the transaction is confirmed directly with the bank by way of an independent and direct cellphone response.
The company has seen significant interest from banks in both the UK and Europe, which resulted in Entersekt opening an office in the UK recently.
Fred Swanepoel, Nedbank Group's technology executive, says, "The bank's digital strategy is ultimately to be digital in everything that we do for clients. We have spent the last two years developing software to support our vision for our clients' digital experience. Our priority is to make our clients' digital interface with the bank secure, not only to protect our clients, but also to empower them to do all their transactional banking anywhere, anytime. Our architecture (of which ITA is one part), which has been two years in development in collaboration with Entersekt, will allow Nedbank to roll out banking widgets and applications quickly to all its digitally enabled customers in all segments of the market from those with entry level cell phones to smart phones and tablets. The product is the first of many digital products that the bank will be releasing this year."
Entersekt's chief technical officer, Christiaan Brand, explains, "People are becoming increasingly more mobile and are demanding secure, access to applications from anywhere. Entersekt offers a platform for banks to provide their customers with end-to-end security. Our underlying security platform allows our customers to offer secure online banking plus provides a foundation for full function mobile banking."
He says that in non-technical language it means that a confirmation request, which includes details of each sensitive transaction (add a beneficiary, once off payment, etc) is sent to the client's mobile phone. The client can then choose to either accept or reject the transaction.
"It's been a privilege to work with the bank's team who understand that innovation and customer security are tightly coupled," he concludes.