Contact Us
Get a Free Trial

The Nevis Experience
for PostFinance

Download the PostFinance Story
4.5

million PostFinance customer
accounts are secured with
biometric access from Nevis

PostFinance Relies on Nevis for a Secure and User-Friendly Login Process

Initial Situation

PostFinance and Nevis have already been enjoying a trusting working relationship for the past 15 years, with frequent discussions about future topics and their potential. This gave rise to a desire for uniform digital access to the banking platform. Customers originally had two different retail bank login processes to choose from: via a card reading device or mobile ID. There was also a so-called “fast service” for use on mobile devices that relied on a password or touch ID. However, since the underlying security and authentication technologies did not fully meet the requirements of a comprehensive mobile banking solution, the functionalities of the fast service were very limited.

While the first two concepts gave users unlimited e-finance access with limited user-friendliness, the fast service app scored high for providing a good user experience. Albeit with a much smaller range of functions given security concerns. Both partners had the same goal in mind: uniform app access – on a smartphone as well as a desktop.

Solution

In order to achieve this goal, a software-based two-factor authentication process in line with FIDO UAF, the industry standard for password-free authentication, was implemented. The operational principle: after registering, users can sign in to the online service with their device without entering a password each time. Different biometric features, such as fingerprint or face, are deployed for user authentication.

Right at the start of the project, it was determined which operating system versions should be used for the app – particularly outdated versions were out of the question for security reasons. Another security element is mobile app protection, or hardening. Among other things, this involves checking whether the smartphone has been jailbroken or rooted, which can massively compromise security.

The final solution covers the entire Identity and Access Management of the PostFinance e-finance portal and guarantees secure access to end customers via desktop or mobile devices. All login processes are integrated with the central access management infrastructure using the nevisAuth authentication service. As of August 2020, around 1.1 million users have activated the new login process. There were around 50,000 new registrations per month.

«Our customers really appreciate passwordless and secure access to their accounts: the number of customer interactions has doubled.»
Eric Müller
Eric Müller Lead Solutions Architect, PostFinance

About PostFinance AG

As a subsidiary of Schweizerische Post, PostFinance is the largest Swiss retail bank and is 100 percent government owned. The company focuses exclusively on the Swiss market and generates an annual balance sheet of 120 billion Swiss francs. PostFinance’s ca. three million customers are equivalent to 40 percent market penetration of the Swiss population. It processes over one billion transactions. PostFinance’s online banking services are currently used by over two million customers.

More Customer Stories

Manufacturing
Viessmann turns to Nevis’ secure login
Viessmann turns to Nevis’ secure login
User management at Viessmann was simplified considerably, which enhanced convenience and the security of all users.
Banking
Quilvest (Switzerland) Ltd. Relies on Secure Authentication From Nevis
Quilvest (Switzerland) Ltd. Relies on Secure Authentication From Nevis
Quilvest (Switzerland) offers customers easier handling by using mobile and e-banking in a single app.
Healthcare and Life Sciences
MediData – Protected Health Data
MediData – Protected Health Data
The Nevis Identity Suite protects MediData's network. Users are given secure and password-free access to their web applications.
Government
Canton of Zug – ZUGLOGIN and the eZug App
Canton of Zug – ZUGLOGIN and the eZug App
The canton of Zug expands online access and saves time and costs on the administrative and customer side with user accounts protected by Nevis.