VIDEO: Vasco Digipass technology changes user’s password every 30 seconds to thwart hackers

By Byron V. Acohido

KBC Bank Ireland announced last month that it has upgraded security for mobile customers by integrating the Vasco Digipass for apps into its mobile security application.

The Irish bank’s decision is part of a growing trend by financial institutions to implement advanced security solutions for an increasing number of customers who bank with a mobile device.

“Mobile banking is growing faster than the use of online banking did, and smartphones will soon be within the reach of almost all banking customers,” says Vasco Data Security International Vice President John Gunn. “In the next few years, mobile payments will be preloaded on every new phone and integrated into every mobile banking application.”

With the addition of Digipass, KBC Bank customers can use an iPhone’s Touch ID functionality—a fingerprint identity sensor—instead of a PIN code. Digipass automatically changes a mobile user’s password every 30 seconds, and the bank’s server tracks whether each is valid.

Vasco’s technology provides a graphical cryptogram that contains the details of the transaction, e.g. payee, amount, account number. When a picture of the color QR code is taken and then decoded, customers can securely view and verify financial details on a computer, smartphone or tablet and then authorize the transaction. Because it is encrypted, hackers cannot change the details, so they cannot conduct man-in-the-middle attacks.


“This eliminated the opportunity for hackers to use stolen passwords and makes phishing attacks obsolete,” Gunn says. “With a six-digit PIN or a one-time-password, a hacker would have a one-in-a-million chance of guessing the correct password. Brute force attacks don’t work because a hacker cannot present a million attempts in 30 seconds, and the password changes again within that time.”
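The server-side check described above (a code that changes every 30 seconds and is validated by the bank's server), as an added example that is not Vasco's code. It uses the open RFC 6238 TOTP algorithm as a stand-in for Digipass; the lockout threshold, the one-step clock-drift window and the names `Verifier` and `guess_success_probability` are assumptions.

```python
import hashlib, hmac, struct

STEP, DIGITS = 30, 6   # 30-second codes, six digits (figures from the article)
MAX_FAILS = 5          # assumed lockout threshold, not from the article

def totp(secret: bytes, now: float) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (stand-in for the vendor's algorithm)."""
    counter = int(now // STEP)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Server side: accepts each time step once and locks after failures."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1   # highest time step already accepted
        self.fails = 0

    def verify(self, code: str, now: float, drift: int = 1) -> str:
        if self.fails >= MAX_FAILS:
            return "locked"      # the throttle is what defeats guessing
        current = int(now // STEP)
        for c in range(max(0, current - drift), current + drift + 1):
            if hmac.compare_digest(totp(self.secret, c * STEP), code):
                if c <= self.last_counter:
                    return "replay"   # a captured code cannot be reused
                self.last_counter, self.fails = c, 0
                return "ok"
        self.fails += 1
        return "invalid"

def guess_success_probability(attempts: int, drift: int = 1) -> float:
    """Upper bound on hitting any accepted code with distinct guesses."""
    accepted = 2 * drift + 1
    return min(1.0, attempts * accepted / 10 ** DIGITS)
```

With the assumed five-attempt lockout and three accepted time steps, an attacker's chance before the account locks is at most 15 in a million; without a lockout the bound grows linearly with the number of guesses the server will answer.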

Two-factor authentication offers stronger shield

Simon Keates, a mobile payment security expert for Thales e-Security, says Vasco’s Digipass, or two-factor authentication, is “a proven method for enhancing typical authentication methods and significantly reducing the possibility of an attack.”

Similar technology is used by Barclays, other major banks, and nonfinancial services such as Google, iCloud, Evernote and LastPass, Keates says.

Some other banks that offer a mobile banking application integrated with Digipass for Apps are Sumitomo Mitsui Banking and Jibun Bank in Japan, Odeabank in Turkey, and Skandiabanken in Switzerland.

KBC Bank Ireland, which has 1,000 employees in Dublin, Cork, Limerick, Galway, Kilkenny, Waterford and Kildare, was a Vasco customer prior to the Digipass deal. The bank uses Vasco’s Vacman Controller, an API-based (application programming interface) authentication platform that serves as the back end for all Digipass authenticators.

Vasco was the first company to introduce two-factor authentication to secure online banking, Gunn says.

In 1988, Dutch bank ABN AMRO first implemented the Digipass Access Key. “Back then,” Gunn says, “customers used dial-up Internet connections, and the available services were pretty limited, but they still needed the extra security that two-factor authentication delivered.”

Vasco Digipass is one of many innovations security companies are pitching to the financial sector to make mobile financial transactions more trustworthy, he says.

“The iOS and Android platforms of current smartphones allow us to deliver enhanced security and fraud prevention in dozens of ways, and now many of these can occur in the background without the banking customer even knowing.”

Hackers shift to new target

Mobile banking and mobile payments are rapidly increasing in popularity, following in the footsteps of online banking. Recent surveys, Gunn says, show mobile banking is the preferred channel for banking customers, and many banks are developing mobile-first strategies for engaging with their customers.

“Online banking started almost 20 years ago, and now 80 percent of bank customers use it,” he says. “In just the past four years or so, mobile banking has grown to 52 percent of smartphone owners.”

“We’ve reached a tipping point where hackers will redirect resources to attacking mobile banking because now the big payday will be there,” Gunn says. “We are about to see significant increases in the number and sophistication of attacks on mobile devices. Protecting mobile devices and transactions will be imperative for banks.”

U.S. banks are as proactive as their European counterparts in adopting new mobile security technology, Gunn says.

“U.S. banks are behind their European brethren in implementing authentication and digital transaction signing for online banking and, as a result, suffer greater losses,” he says. “It is similar to the situation with EMV card (the chip-technology-based global standard for credit and debit cards) adoption in the U.S. versus the EU. With mobile banking, U.S. banks will enter the arena on equal footing and an equally secure environment.”

Gary Stoller contributed. This article also appeared on
