Comarch Cyber Security in Loyalty

Secure your clients data with tPro Mobile solution

tPro Mobile is a tool designed mainly for financial institutions, used for transaction authorization and authentication. It also works well wherever there is a need to ensure the confidentiality and integrity of information sent.

Thanks to the use of strong cryptography, tPro Mobile can be successfully applied in loyalty systems as a tool for two-component authorization. Points awarded in exchange for user activity are a kind of currency, and managing it opens the door to fraud. Today, it is clear that passwords are not enough and effective protection requires 2FA tools.

72% of airline loyalty programs have an issue with fraud

30% of airline programs reported the problem was growing rapidly year-on-year

10% of airline loyalty programs didn't know if they had a fraud problem

tPro provides protection against:

  • loss of access to accounts in the event of leakage of login data (phishing, mass leakage of databases),
  • Man-in-the-middle,
  • remote attacks and operations carried out on behalf of client
  • unauthorized change to balances.

PSD-2 Directive

tPro meets the stringent requirements of the PSD-2 Directive, and thanks to its mechanisms for monitoring the runtime environment, real-time threat detection and encrypted communication with the server, it can successfully act as a second component within loyalty systems for:

  • strong end-customer authentication (2FA),
  • authorization of customer operations,
  • authorization of operations performed within the system by employees (internal point transfers),
  • document signing.

The tool is convenient and provides a very high level of security, comparable to systems used in corporate banking. With support for biometric operations (fingerprint reader, facial recognition) and real-time analysis of the runtime environment, the access to critical services is easy and secure.

tpro mobile features

Mobile application

tPro Mobile is available as a mobile application for Android/iOS, and as a collection of programming libraries, which allows you to extend the existing products by a security layer. Integration with the tPro MobileSDK library can take place on several different layers, which provides great flexibility in integration with the existing processes in client's applications.

tPro Mobile is delivered together with the Comarch Authentication Server. It enables mobile token support on the back-end side. The basic element of this module is the central authentication system which manages data authorization and signature verification (including RSA/ECC cryptosystems). Thanks to such module organization, the client application can easily communicate with the server, leaving critical tasks on the server side.

Overall, the Comarch tPro solution coupled with AS server provides support for:

  • a variety of authentication methods based on the tPro product family,
  • strong, PSD-2-compliant client authentication
  • life cycle management of authentication methods adopted
  • RESTful API
  • integration with interfaces: RADIUS and LDAP services
  • integration with SIEM tools
  • strong transaction authentication and authorization
  • file signing
  • biometric authentication methods
  • anti-tampering mechanism (runtime environment analysis)

Look for Comarch Cyber Security solutions

Want to learn more?

Tell us about your business needs. We will find the perfect solution.