Signature valid: how safetech protects banks with digital signature

Experts' publications

We have long been accustomed to buying the necessary things over the Internet. At the same time, it is obvious that at the time of purchase we must first confirm our identity and the action taken. Snob continues to talk about promising Russian startups of the Skolkovo Foundation. This time, we tell the story of how SafeTech developed innovative solutions to protect remote banking systems.

Denis Kalemberg
Photo: SafeTech Press Office

SafeTech was established ten years ago. The company founder, Denis Kalemberg, recalls that then banks massively faced the problem of stealing customers’ money through remote banking systems. Hackers infected computers of accountants with a virus. As a result, when they signed payment orders, the malware quietly changed the payment details, and the money went to the wrong place. At that moment, Denis and his partner developed a protective device for banks: it allowed users to sign documents only after additional verification and confirmation of the operation. About 50 banks implemented the device, and five years later, the creators of SafeTech came up with new technology: mobile digital signature.

Suppose you want to remotely buy a product or pay for a service. The bank must be sure that it is you who make the payment. To verify this, the bank can send an SMS message or a push notification with a secret code, but there is still a risk that scammers will intercept the information. At the same time, mobile signature technology minimizes these risks. It is based on asymmetric cryptography. It assumes that each transaction is confirmed by a unique code: the code is tied to specific operation detail, the customer’s secret key, timestamp, and digital fingerprint of the user’s smartphone. The signature is formed of four unique elements: details of a specific operation, customer key, timestamp, and “fingerprint” of the user’s smartphone. That is, customers see payment details on their smartphones and confirm payments with a click, while the bank receives a guarantee of the customer’s identity. Moreover, even if attackers gain access to the signature, they still will not be able to use it for another operation on another device.

Today, more than 70 banks use the PayControl platform (the so-called system with a mobile digital signing feature) among which are Alfa-Bank, Russian Agricultural Bank, Russian Standard, and others. At the same time, the platform allows users not only instantly confirm financial transactions, but also sign documents directly on their smartphones. For example, VTB customers using SafeTech can register a legal entity or submit tax reports. It works like this: a customer comes to the bank and receives a qualified digital signature for the smartphone. With this signature, the customer signs documents to open a business and later uses it to open a current account and sign up for remote banking services.

Denis Kalemberg recalls that when the technology of mobile digital signature just appeared, banks were reluctant to implement it: the first SafeTech customer appeared only a year and a half after the platform release. Today the company’s solution is in demand not only in Russia but also abroad: this year SafeTech opened a representative office in Singapore. Three years ago, the company became a resident of the Skolkovo Innovation Center, and this year SafeTech received an award of the Innovation Leaders 2019 Fund in the financial sector. In the future, the company founders plan to cooperate not only with banks. According to their forecasts, in a few years, we will be able to both take loans remotely and register real estate and confirm receiving deliveries directly with our smartphones without using paper.