Implementing digital transaction signing technologies into the Russian Agricultural Bank online banking and mobile banking for individuals
«You can actively develop a remote service system, fill it with the most innovative services, make it highly functional and convenient, but if you use outdated, inconvenient technology for authorizing operations, this negates the whole effect of your efforts. Russian Agricultural Bank, consistently developing its remote services, paid special attention to the transaction authorization and document signing system. At the same time, we strive to use the most innovative, reliable, and cost-effective solutions, such as SafeTech PayControl platform».
Alexander Seryakov, Head of Remote Banking Development Department. Russian Agricultural Bank, JSC
The project background and objectives
At the current development stage of the remote banking system for individuals of Russian Agricultural Bank, traditional transaction authorization technologies, such as SMS codes, have ceased to suit the bank in terms of convenience, security, and cost. That emphasized the particular relevance of the project for choosing and implementing by the Agricultural Bank of the technology for digital signing transactions and documents on users’ mobile devices.
The completed project tasks include:
- exclude legacy payment authorization methods that deteriorate functionality and ergonomics of the new remote banking system for individuals;
- reduce fraud and social engineering level in mobile and online banking;
- attained targets in ergonomics (simpler procedures and shorter payment time) and profitability (reduced costs of telecom services).
- The thorough analysis of solutions available in Russian market resulted in the choice of the PayControl mobile authentication and digital signature platform by SafeTech, a resident of the Skolkovo Foundation’s IT cluster.
PayControl is a digital signature solution for smartphones that allows customers to confirm their transactions in any digital channel (online banking, mobile banking, CNP operations, telephone banking (Private bank), and others) with a high level of security and convenience. It can work as a standalone application for a smartphone, or can be integrated directly into a mobile banking application.
The key advantage of PayControl compared to traditional payment authorization methods (i.e., a one-time password via SMS) is that the transaction confirmation code is generated directly on the client’s mobile device. The code is tied to the transaction details, so its interception will not help fraudsters steal funds from the account.
Russian Agricultural Bank already used PayControl of the previous version 1.5 in its mobile banking system, and this became a distinguishing feature of the project. This version was introduced in 2016 and was actively used by both individuals and corporate customers of mobile banking. As a result, the project team developed a scheme for migrating active users from version 1.5 to version 3.6. For a customer, everything happened simply and imperceptibly: after installing the updated version of the mobile application, the device is registered in the system at the first login and authorization and the digital signature keys are automatically re-issued, after which the user will be able to immediately manage his account.
A large number of customers and the bank’s desire to unify information interaction with them required to use the high-performance PayControl Inform solution along with PayControl to send messages to users of the remote banking system, as well as messages from other application systems and services. Commercial units, marketing, and customer support units needed their own effective information channel to each mobile user. After the introduction of SafeTech technologies in such a “most complete” configuration, Russian Agricultural Bank’s corporate customers got the necessary functionality, taking into account the modern high requirements for security, legal effect, and non-repudiation from transactions and the will of customers.
Results and business effect
The integration made it possible to securely and conveniently authorize banking operations in two Russian Agricultural Bank systems for individuals at once: in the online banking and in the mobile app. At the time of transaction authorization, customer sees all the payment details on the screen of the mobile device (number, transaction amount, date, recipient account, etc.) and has the ability to verify their correctness prior to the digital signature generation.
Having implemented the technologies for financial transaction digital signing on a mobile device in online banking and mobile banking, Russian Agricultural Bank attained the below results:
- transaction authorization time reduced 3.5 times;
- level of fraud in mobile and online banking reduced by 70-75%;
- reduced bank expenses for SMS.