The Nevis Experience
for PostFinance


PostFinance Relies on Nevis for a Secure and User-Friendly Login Process

Initial Situation

PostFinance and Nevis have already been enjoying a trusting working relationship for the past 15 years, with frequent discussions about future topics and their potential. This gave rise to a desire for uniform digital access to the banking platform. Customers originally had two different retail bank login processes to choose from: via a card reading device or mobile ID. There was also a so-called “fast service” for use on mobile devices that relied on a password or touch ID. However, since the underlying security and authentication technologies did not fully meet the requirements of a comprehensive mobile banking solution, the functionalities of the fast service were very limited.

While the first two concepts gave users unlimited e-finance access with limited user-friendliness, the fast service app scored high for providing a good user experience, albeit with a much smaller range of functions given security concerns. Both partners had the same goal in mind: uniform app access – on a smartphone as well as a desktop.

Solution

In order to achieve this goal, a software-based two-factor authentication process in line with FIDO UAF, the industry standard for password-free authentication, was implemented. The operational principle: after registering, users can sign in to the online service with their device without entering a password each time. Different biometric features, such as fingerprint or face, are deployed for user authentication.

Right at the start of the project, it was determined which operating system versions should be used for the app – particularly outdated versions were out of the question for security reasons. Another security element is mobile app protection, or hardening. Among other things, this involves checking whether the smartphone has been jailbroken or rooted, which can massively compromise security.

The final solution covers the entire Identity and Access Management of the PostFinance e-finance portal and guarantees secure access to end customers via desktop or mobile devices. All login processes are integrated with the central access management infrastructure using the nevisAuth authentication service. As of August 2020, around 1.1 million users have activated the new login process. There were around 50,000 new registrations per month.

What Customers Say About Nevis

Our customers really appreciate passwordless and secure access to their accounts: the number of customer interactions has doubled.
Eric Müller, Lead Solutions Architect, PostFinance

About PostFinance AG

As a subsidiary of Schweizerische Post, PostFinance is the largest Swiss retail bank and is 100 percent government owned. The company focuses exclusively on the Swiss market and generates an annual balance sheet of 120 billion Swiss francs. PostFinance’s ca. three million customers are equivalent to 40 percent market penetration of the Swiss population. It processes over one billion transactions. PostFinance’s online banking services are currently used by over two million customers.
