Transaction Signing: it wasn't me?

Posted on April 14, 2017 by Mathijs Brand

Buy a pair of shoes. Get the extras on your car insurance. How many online transactions do you do in a week? Do you ever wonder what would happen if the other party would say: "You also bought this and this". Where is the proof you didn't? Companies have the same problem the other way around. How can they prove you did the transaction? What if you would just say: "it wasn't me"? It's a trust economy. Once the trust is broken, the transactions stop.

Start using your customer's mobile device for a signature. Fast, traceable and secure. Maybe you need a pincode on top. Or maybe a QR code scan or fingerprint? Enter transaction signing in the Onegini MSP 3.1. I'll explain the technical details, the options you can use to configure it, and how it works functionally. Tracable. No man in the middle. No hard thinking. At the heart of it all lies a user's private key and a lot of cryptography and legislation you don't have to worry about.

Every party wants to be sure their transaction is backed up with proof.  That must be some technical, legal thing in the background. If a shop lets you think too long, you will rethink your purchase. Need to look up some password? Sales drop. Where did I leave my e-identifier? Sales drop. Insurance companies or banks often suffer from the sales drop rates. But "sssshhh" about this. A lot of your competitors are still asleep. 

In the video below you'll get the basic idea:

Transaction Signing from Mathijs on Vimeo.

For every transaction you need proof. For every transaction type you have options. At the core of the solution is a mobile push message sent to a phone with a fallback to SMS if needed. The business decides the actions (sign multiple transactions, buy a mortgage or a shoe) and the required security action that goes along with it (fingerprint, pincode, QR etc). For each transaction the Onegini platform records all the required data for proof later. The proof that the customer used their private key. The signed data may be a json, a basic text, a whole document. You decide. 

See below a high level flow between the components:

Transaction signing.png

Don't have a mobile app?

Maybe you just have a responsive website, or the process is owned by another department and it's difficult to get in? No worries. Onegini has developed an authenticator app. It's simple and customizable. You can just use it to sign the transactions as a second factor. 

Transaction signing using private keys has been enabled in MSP 3.1. Read here how to enable it or contact Onegini on how to get the authenticator app and make a jump into the year 2017 in no-time. 

 

Bizcuit by Minox

Bizcuit makes accounting easier for entrepeneurs. The platform utilizes the Onegini transaction signing solution to bulk sign a number of transactions from various bank at the same time. For Bizcuit customers life is easier. All the transactions can be signed in one go on one platform using only a mobile device. 

More about Minox and Bizcuit

 

White paper: Digital Transformation Insurance Companies