Contact Us
Get a Free Trial

The Nevis Experience
for PostFinance

Download the PostFinance Story

Initial Situation

PostFinance and Nevis have already been enjoying a trusting working relationship for the past 15 years, with frequent discussions about future topics and their potential. This gave rise to a desire for uniform digital access to the banking platform. Customers originally had two different retail bank login processes to choose from: via a card reading device or mobile ID. There was also a so-called “fast service” for use on mobile devices that relied on a password or touch ID. However, since the underlying security and authentication technologies did not fully meet the requirements of a comprehensive mobile banking solution, the functionalities of the fast service were very limited.

While the first two concepts gave users unlimited e-finance access with limited user-friendliness, the fast service app scored high for providing a good user experience. Albeit with a much smaller range of functions given security concerns. Both partners had the same goal in mind: uniform app access – on a smartphone as well as a desktop.

Eric Müller

«Our customers really appreciate passwordless and secure access to their accounts: the number of customer interactions has doubled.»
Eric Müller, Lead Solutions Architect, PostFinance

Solution

In order to achieve this goal, a software-based two-factor authentication process in line with FIDO UAF, the industry standard for password-free authentication, was implemented. The operational principle: after registering, users can sign in to the online service with their device without entering a password each time. Different biometric features, such as fingerprint or face, are deployed for user authentication.

4.5

million PostFinance customer
accounts are secured with
biometric access from Nevis

Right at the start of the project, it was determined which operating system versions should be used for the app – particularly outdated versions were out of the question for security reasons. Another security element is mobile app protection, or hardening. Among other things, this involves checking whether the smartphone has been jailbroken or rooted, which can massively compromise security.

The final solution covers the entire Identity and Access Management of the PostFinance e-finance portal and guarantees secure access to end customers via desktop or mobile devices. All login processes are integrated with the central access management infrastructure using the nevisAuth authentication service. As of August 2020, around 1.1 million users have activated the new login process. There were around 50,000 new registrations per month.

About PostFinance AG

As a subsidiary of Schweizerische Post, PostFinance is the largest Swiss retail bank and is 100 percent government owned. The company focuses exclusively on the Swiss market and generates an annual balance sheet of 120 billion Swiss francs. PostFinance’s ca. three million customers are equivalent to 40 percent market penetration of the Swiss population. It processes over one billion transactions. PostFinance’s online banking services are currently used by over two million customers.

More Customer Stories

Healthcare and Life Sciences
MediData - protecting healthcare data for service billing
MediData - protecting healthcare data for service billing
How the Nevis Identity suite protects MediData’s network and provides users with a secure and password free access to their web applications.
Government
Canton of Zug – ZUGLOGIN and the eZug App
Canton of Zug – ZUGLOGIN and the eZug App
How the Canton of Zug saves time and money with Nevis-protected user accounts for the administration and its customers. And increases its online offerings.
Government
Cantonal Tax Authorities – Canton of Zurich
Cantonal Tax Authorities – Canton of Zurich
Cantonal Tax Authorities secures business applications with Nevis Security Suite