The Nevis Experience
for PostFinance

Initial Situation

PostFinance and Nevis have enjoyed a trusting working relationship for the past 15 years, with frequent discussions about future topics and their potential. This gave rise to a desire for uniform digital access to the banking platform. Customers originally had two different retail bank login processes to choose from: via a card reading device or mobile ID. There was also a so-called “fast service” for use on mobile devices that relied on a password or touch ID. However, since the underlying security and authentication technologies did not fully meet the requirements of a comprehensive mobile banking solution, the functionalities of the fast service were very limited.

While the first two concepts gave users unlimited e-finance access with limited user-friendliness, the fast service app scored high for providing a good user experience, albeit with a much smaller range of functions given security concerns. Both partners had the same goal in mind: uniform app access – on a smartphone as well as a desktop.

«Our customers really appreciate passwordless and secure access to their accounts: the number of customer interactions has doubled.»
Eric Müller, Lead Solutions Architect, PostFinance

Solution

In order to achieve this goal, a software-based two-factor authentication process in line with FIDO UAF, the industry standard for password-free authentication, was implemented. The operational principle: after registering, users can sign in to the online service with their device without entering a password each time. Different biometric features, such as fingerprint or face, are deployed for user authentication.

4.5 million PostFinance customer accounts are secured with biometric access from Nevis

Right at the start of the project, it was determined which operating system versions should be used for the app – particularly outdated versions were out of the question for security reasons. Another security element is mobile app protection, or hardening. Among other things, this involves checking whether the smartphone has been jailbroken or rooted, which can massively compromise security.

The final solution covers the entire Identity and Access Management of the PostFinance e-finance portal and guarantees secure access for end customers via desktop or mobile devices. All login processes are integrated with the central access management infrastructure using the nevisAuth authentication service. As of August 2020, around 1.1 million users have activated the new login process. There were around 50,000 new registrations per month.

About PostFinance AG

As a subsidiary of Schweizerische Post, PostFinance is the largest Swiss retail bank and is 100 percent government owned. The company focuses exclusively on the Swiss market and generates an annual balance sheet of 120 billion Swiss francs. PostFinance’s ca. three million customers are equivalent to 40 percent market penetration of the Swiss population. It processes over one billion transactions. PostFinance’s online banking services are currently used by over two million customers.
