ViCA the virtual chip card application, recommended for financial institutions to comply with PSD2 guidelines, has been complemented with additional new feature.
The ViCA application created by Cardinal Ltd. is a mobile authentication tool, which supports the requirements of the two-factor, strong customer authentication procedure (SCA) required by the European Union’s PSD2 Directive and its regulatory technical standards (EBA-RTS). The application is available on Android, on iOS, and on Windows platforms.
To ensure the operation in accordance with the provisions prescribed in EBA-RTS, several Hungarian financial institutions have chosen the ViCA application, and currently nine of them provide it to their clients.
The app has been well-received due to its mobile existence, whereby its use is not physically located. We anticipate that ViCA may gain a significant penetration in addition to the current password + SMS and hard token signing devices even in short term.
When introducing ViCA app it could communicate with Electra systems only. In view of the increasingly stringent banking security requirements, banks impose an obligation to personalize customers digitally for an increasing number of services. To meet this prerequisite of financial institutions, we established the ViCA Micro Server (VMS) in 2019. By using VMS, the SCA can be provided to fulfill the need of different banking system components beyond Electra and provide SCA services to all processing systems of the bank.
The ViCA Micro Server enables the introduction of new, value-added services, which can promote the relationship between the bank and its customer in even flexible manner.
Deploying VMS in a banking environment allows you to access an additional feature of the ViCA application: sending and receiving and managing messages of different types and contents initiated from other banking processing and communication systems on customers’ mobile devices. The service is cost-effective, as banks can forward their targeted messages to individual users free of charge.
The messages can be as follows:
▪ Balance of specific accounts,
▪ Transaction notifications,
▪ Orders not fulfilled or rejected,
▪ Request to Pay messages received,
▪ Access to new order packages waiting to be signed,
▪ Loan repayments due,
▪ Payment deadline warnings,
▪ Monitoring service configured to use the credit card or a bank account,
▪ Banking broadcasts,
▪ Personalized banking product offers, promotional campaigns, and
▪ Other messages.
Due to the implementation of VMS, the application is capable of transmitting messages from systems other than the Electra system via a suitable API as well.
Until the ViCA application will not be open on the user’s mobile device, the phone will display a push notification on the user’s device about the fact that a message has been sent to the ViCA application. It is important that the push notification itself does not contain any personal or business information.
Next time when the mobile application is opened, the user’s ViCA application is connected to the VMS, from where the specific message, together with its entire content arrives on the user’s mobile device via an SSL-protected channel.
Incoming messages are displayed on the touch screen in a transparent, tabular format according to their “subject”. If, in addition to the information sent in the “subject” field, the bank has also placed additional message content, clicking on the “subject” will display the entire content of the message in a view in ViCA. If the user closes the message after reading, she returns to the push notifications summary table.
ViCA’s messaging service is language-dependent, that means if the “subject” has been sent in more than one language, ViCA will recognize it and show the content in the language set by the application only to the user.
The system compiles statistics on ViCA messages sent by the bank, which can be queried by the bank administrator in the Web Admin interface according to the desired grouping. (Subject and content of ViCA message, status of the message, date of delivery to the recipient, time of SMS fallback, external ID).
The offered solution optionally provides the possibility of fallback mechanisms. Thus, the user can also receive the message via SMS if it hasn’t been downloaded in the ViCA application for a certain period of time.
Optionally, a so-called “SMS timer” can be set, in which after a certain period of time the VMS sends an SMS content specified as a parameter to the mobile device of the user registered in the bank.
By setting the “Message timer”, the expiration of the message can be limited in time until the sent ViCA message can be downloaded on the user’s phone.
The „External ID” is the bank’s own identifier that allows the re-pairing of bank messages (no appearance on the screen).
Image source: pixabay.com