Solutions

SSenStone generates non-duplicate dynamic codes through our patented OTAC (One-Time Authentication Code) algorithm even in off-the-network environments without extra infrastructure. See the case of Doku e-wallet infrastructure . The generated verification code replaces the ID/PW and card number based on a fixed value.

• A dynamic code that is safe from hacking and leaks is generated.
• Dynamic codes are continuously changed even in an environment without a communication network
• The dynamic code alone identifies the owner (combining identification and authentication steps).
• Dynamic codes have a 0% chance of being duplicated.
• All functions can be implemented without changing the existing infrastructure.

OTAC Dynamic PAN

SSenStone’s OTAC Dynamic PAN generates a dynamic card number that changes each time instead of fixed card information to prevent financial accidents caused by card number leakage. The dynamic card number generated based on the OTAC algorithm, the original technology of SSenStone, can be issued and registered in the same way as the existing payment process. You can use it as a payment token even if communication with the server is restricted.

Expected Effects with OTAC Dynamic PAN

-Reduction of operating costs by shortening verification time

Recently, hackers who attack IoT devices often manipulate the device firmware to download illegal firmware or plant malware on the device. SSenStone uses hashes of firmware files as a seed when generating OTAC to verify and execute only OTA commands sent from valid IoT servers. Therefore, since the download command from the unauthorized system itself is not approved by the device, it can naturally block the occurrence of illegal software downloads. OTAC Dynamic PAN provides a dynamic payment token generated from the user's mobile device during offline payment. Consumers can use the token to pay using the existing payment infrastructure of the shop or store to the financial service server. It not only reduces the operating cost by shortening the verification time compared to the token server that always requires communication networks, but also supports an environment where users can make payments with zero inconvenience even when offline. In addition, a shop that does not introduce 3D Secure authentication can also prevent payment incidents caused by the leakage of a user's card number, thereby you can reduce the cost of compensation for payment incidents.

-Convenience and security enhancement using dynamic codes

OTAC Dynamic PAN is generated by the user's device and undergoes authentication processes such as fingerprint, iris, and PIN in their device. As it can be used in the same way as the existing card payment method without additional authentication process, it is much simpler. Also, an online shop without 3D Secure authentication allows consumers to pay only with the dynamic payment token provided in the form of a card number, preventing theft and misuse of the card number and enhancing security.

OTAC Device Authentication Token

SSenStone’s OTAC Device Authentication Token generates a new OTAC on the user's device every time, even in an off-the-network environment, and provides it as a dynamic code that can act as 'ID + password + OTP' used for payment authentication. Consumers can also securely store unique values in their devices. In addition, by periodically sending a dynamic code valid only at the present time from the user's device to the server of the financial company, it is possible to check whether the user's device is accessing it from a normal customer's device by a one-way (uni-directional) verification of the received dynamic code.

• Embedment of OTAC generation module in the user's app

To generate a unique OTAC, the unique value is safely stored in the user's mobile device, and a valid OTAC is generated and transmitted at every point in time

• Embedment of OTAC verification module in financial company server

It verifies the periodically transmitted OTAC and assigns a unique value to each user.

Expected Effects with OTAC Device Authentication Token

-Support for abnormal transaction detection through device authentication

Since a significant number of financial-related hacking cases involve hackers impersonating users from other devices, many financial companies use fraud detection system (FDS) to defend against hackers targeting electronic financial transactions. However, the FDS method which collects and analyses various information from the payer, requires not only device information but also a large amount of transaction information. It means device authentication for each transaction on FDS is essential. OTAC Device Authentication Token can be used together with FDS to enhance security or replace the functions of FDS.

-Provides convenience through simplified user authentication

Because of the importance of security, financial service apps go through at least two factor authentication (2FA) when making payments or money transfers in addition to logging in. This process not only makes users uncomfortable, but also slows down the speed of the app due to the increase in resources required for authentication. OTAC Device Authentication Token eliminates the inconvenience of frequent logout or re-login when using the platform by reducing unnecessary user authentication steps through device authentication using dynamic codes and extending the session between financial service apps and servers through OTAC verification.

Insights