tPro Mobile Overview
The financial industry has been a leader in data security for years. It is banks, brokerage companies, insurers, leasing companies and other financial market entities that are particularly motivated to incur data security expenses, for the sake of both employees and customers. This is because financial services are one of the areas most vulnerable to cyber attacks of any kind.
While it’s often shrouded in secrecy, many cybersecurity innovations originated in the financial sector. And because "money likes silence", the financial sector is trying to stay ahead of hackers' ingenuity.
There are many ways to gain unauthorized access to services and each day brings new vulnerabilities. Classification of those starts with account breach attempts or data theft (either as a result of an attack or leakage of access data from other services). More sophisticated methods include attempts to interfere with order details, or attacks using 2SV (two-step verification).
Recent years have shown that the most effective method of securing the access to payment instruments are 2FA tools in the form of hardware tokens or advanced mobile solutions. Especially those that guarantee the undeniability of the presented data and take proper care of the security of user cryptographic material.
The tPro ECC solution is a proprietary hardware token based on the strength of elliptical curves cryptography, which are currently the most efficient cryptosystem on the market, providing a higher level of security than RSA keys of the same length. Additionally, the token is equipped with an HPD (Human Presence Detection) mechanism, which makes it resistant to all kinds of remote attacks. Each authorization requires the user to press a button located on the housing of the device. The device communicates with the browser using its own protocol, and the communication itself does not require any browser extensions to be installed. Local service on the workstation ensures security and integrity of content being presented.
The tPro Mobile token is an example of an advanced mobile tool for transaction authorization and strong user authentication. The solution has been designed to meet the rigorous requirements of the PSD-2 directive. The tPro Mobile solution ensures security, uniqueness and integrity of the authorization code at every stage of its generation, as well as the integrity of the presented transfer data. Compatibility with the solution can can work on three layers:
Such division allows for quick and convenient integration even in case of already existing mobile applications, where tPro Mobile is offered as a collection of tPro MobileSDK programming libraries. This makes it possible to add a security layer to the existing applications, while maintaining all the token’s advantages.
Comarch Cyber Threat Protection is an online threat prevention and anti-identity theft platform for workstations and mobile devices.
The platform tracks both end-user activity and their devices to calculate partial and general scoring for authentication, authorization, or any other operations. The scoring is reflective of device recognition and cyber threat-repository data. For this purpose, a lot of different artifacts are collected, based on tamper detection, or browser and device fingerprints.
The CTP platform is a rule-based system that collects and utilizes indicators to evaluate the risks related to the end-user activity. The solution has a modular structure and can be delivered as-is or as an SDK library.
