Okay LogoOkay Logo

Okay and United Biometrics join forces

29/05/2020

artifact

To provide authentication security to the entire chain of corporate payment, from PC authentication to transaction validation and authentication on mobile, we are proud to announce our partnership with United Biometrics.

Although corporate payments are an exception of the PSD2 RTS, it is obvious that they require extensive security at authentication points. The amounts at stake are such that corporate payments are a very attractive target to attackers.

How fraudsters could attack corporate payments is a topic of a previous article in the SCA challenges series.

United biometrics in a few words

United Biometrics brings years of R&D in the field of biometrics authentication methods, spanning all devices and OSes. Their patented technology is used across many sectors where strong authentication security is required to protect critical applications: banks and insurance, industry and manufacturing, governments, and of course other corporate applications. 

With their product Dual Authenticator, United Biometrics help organisations secure vital authentication points with a combination of two different biometrics recognition factors amongst: 

  • Fingerprint 
  • Behavioural secret path lock signature 
  • Voice
  • Iris
  • Behavioural keystrokes dynamics
  • Face 
  • Talking Face 

Protecting corporate payments together

When applied to corporate payments, Dual Authenticator protects the access of treasurers to the banking corporate portal or to the IBAN/ Siret vaults for suppliers’ information modification. This replaces weak methods - like passwords- with strong security. 

Corporate payments are still mostly performed from a PC. Mobile usage for payment is not as pervasive amongst corporate users as it with individuals for consumer payment. However, some corporate payments require higher approvals, depending on the internal policy. For corporate executives constantly on the move or in meetings, being able to safely validate a transaction on the fly via their smartphones can be very handy. 

Dual authenticator works with all mobile OSes, and Okay can make sure that the transaction information displayed on the smartphone is the right one, using proved PSD2 SCA mechanisms to protect the transaction validation environment when it is performed with:

  • Passive and active overlay attacks detection
  • Robot attack detection 
  • Malware attack detection, even rooted malware 

Treasurers and corporate executives alike are obvious targets for attackers. According to Symantec 6,000 corporations in the world are hacked by President Fraud every month And remember, an attacker would first try to listen – which we want to prevent- before planning the attack and executing it.  

The association between United Biometrics and Okay technologies brings strong and GDPR compliant security to the entire corporate payment validation chain, with the flexibility needed to adapt to corporate executives’ mobility.