Comarch tPro Mobile

tPro Mobile for mobile banking security

tPro Mobile is a mobile platform supporting strong user authentication and transaction authorization in accordance with the PSD2 directive. It consists of an external application and development libraries to be integrated with the existing products.

tpro advantages

Its security mechanisms, based on strong cryptography, along with internal mechanisms analyzing the platform’s behavior ensure a high level of both security and convenience. tPro Mobile comes with a number of tools that make it difficult for third parties to launch an attack and intercept relevant data. Full OATH compatibility allows the application to be used as a second vector of authentication for services such as email and social networks.


tPro Mobile Overview

tablet

Authentication

The platform provides a wide range of authentication mechanisms, from traditional PIN codes up to fingerprint and face recognition authentication. With full OATH compatibility, tPro Mobile can be used as an additional component of 2FA authentication for critical resources such as email, administration panels, and social media. Using programming libraries that come with the platform, it is also possible to integrate tPro Mobile with the existing products quickly.

authorization

Authorization

What you see is what you sign – this, in short, is the principle the tPro Mobile platform builds upon. Its real-time threat detection mechanisms allow you to easily spot potentially dangerous factors such as configuration gaps and suspicious activities in the platform itself. Interactive data entry protects you against switching key transaction data, e.g. such as IBAN or transfer amount. The information on activities within the protected resources is delivered to you by means of a PUSH notification (instead of text message). The solution architecture along with the pairing procedure protect you from the platform being cloned and accessed by unauthorized third parties. The offline mode lets you generate the authorization code for transactions even if your device is out of range. Additionally, the tPro Mobile solution implements a number of mechanisms that hide information about the results of security-sensitive operations (such as entering a PIN code).

Proactive mode

In order to minimize the fraud risk, tPro Mobile comes with various transaction authorization variants. From a standard variant – which takes pressing a button – up to an interactive one where the user is asked to re-enter portions of critical data before confirming a transaction. Such a scenario allows the user to be involved in the process of transfer authorization so that potential anomalies can be detected before the actual money is sent. tPro Mobile can also store transactions offline by means of dynamically generated authorization code. Apart from strong cryptography, the user security is also ensured by a number of monitoring mechanisms detecting threats in real time.

data safety

Security

  • authentication using biometrics
  • face authentication with faceID (iPhone X)
  • fingerprint authentication with touchID
  • mechanisms for monitoring the internal state of the application
  • root detection
  • jailbrake detection
  • debugging detection
  • simulator mode detection
  • two-component pairing process (QR + SMS)
  • encrypted communication with the authentication server
  • elliptical curve cryptography

person in front of the computer

OATH compliance

tPro Mobile offers strong customer authentication and transaction authorization using the HOTP, TOTP and OCRA algorithms adopted by the Initiative for Open Authentication (OATH).

Comarch tPro Mobile security features

tpro mobile
Download the Comarch Transaction Protection leaflet

Download tPro Solutions leaflet

Read more about how to protect your customers from internet frauds

Download

Comarch Transaction Protection family

Comarch Cyber Security clients
Want to learn more?

Tell us about your business needs. We will find the perfect solution.