In the world of digital payment transaction, customers often must rely on financial institutions to keep their information and transactions safe, especially during issuance and delivery. When personal identification numbers (PINs) or password or sensitive data are built into the process, financial service providers must efficiently and effectively make the process seamless and secure for customers.

Many Web-oriented systems today are provided with simple security measures such as the Secure Socket Layer (SSL) technology. In addition passwords are globally accepted as a minimum requirement for the identification of system users. Unfortunately both these techniques are open to misuse and many do not understand the limited nature of the protection they provide. While such mechanisms may be acceptable for some, criminals are attracted to the gains that can easily be made from attacks on web based facilities run by Banks. Money movements between accounts open the possibility of losses that may run out of control, undetected, if not suitably protected.

The standard SSL technology can only protect against attacks from the Internet. Once the data arrives at the Web Server it is automatically converted back to its unprotected form rendering it open to attack. We should also note that attacking a message in transit across the Internet is both difficult and not very rewarding compared to the amount of effort needed. In contrast, web servers represent concentrations of several thousand times of this information and are therefore a much more attractive target for the criminal.

End-to-End Encryption solution designed to securely deliver PIN, password, sensitive data and lower the risk of fraud that occurs when PIN mailer letters are intercepted en route to customers.

  • User Authentication based on password verification from encrypted password
    sent from the client/mobile app to the Web Server.
  • Message Authenticity based on the use of standard sent from the client/mobile app to the Web Server.
  • Data Privacy based on the use of 3DES/AES encryption of messages sent to and
    received from the Web Server.
  • A HSM (Hardware Security Module) sited at the Web Server or
    Application Server which provides the cryptographic interface between the internet environment and for verification system.

SecurePass E2EE

SecurePass E2EE is a perfect example of how we strive to make delivery PIN or password in mobile app secure and convenient for the customers. Constantly seeking to adapt our products and services such that they fit in with their modern lifestyles.