Multi-Factor Authentication (MFA)

With adaptive authentication, you no longer have to choose between security and user-friendliness. You can now react dynamically during the login process, depending on the underlying context information or business rules.

Adaptive authentication effectively combines your security requirements with an optimised user experience. For instance, a user who tries to access your services from an unknown device may receive a notification email about this new event. If the user logs in from a geographical location other than their place of residence, they may have to specify their second factor again. If the user logs in from a geographically restricted country, their login may even be denied due to geographical service restrictions.

During the login, Nevis automatically collects, analyses and evaluates different signals from the current user context – for example:

• Your current location (geo-location)
• Your travel distance (geo-speed) if you previously logged in from other locations
• Your device with advanced fingerprint scan technology
• Your intended action
• Your source-IP reputation, based on external IP reputation services

Based on these different inputs for every authentication, Nevis continuously creates a risk profile for the user. The system reacts to specific events and risk scenarios, for example, to the logins from a new device or if logins are performed within a short time from locations separated from one another by long distances. You can then decide whether you wish to notify the user or provide additional means of authentication via multi-factor authentication.

Humans are not capable of remembering hundreds of strong and secure passwords. Passwordless authentication is one way around this problem. Nevis offers passwordless authentication on every channel, every device and in every combination, and uses the biometric capabilities of modern smartphones to improve convenience and security for end users. A single tap is all that’s required to authenticate yourself using the combination «something that you have» (your smartphone) and «something that you are» (biometrics). This means that users can log in seamlessly and effortlessly regardless of where they are and of which device they happen to be using.

Mobile authentication is the verification of a user’s identity involving the use of a mobile device and one or more authentication methods to guarantee secure access.

Using the biometric capabilities of modern mobile devices is a convenient solution for multi-factor authentication (MFA) to verify the identity of a person. It uses ownership of a mobile device as the first factor and the same device to check a unique biometric attribute as a second factor.

Our complete range allows companies to seamlessly implement mobile authentication experiences. The Access app and mobile SDK are based on the open FIDO-UAF standard. Here, we support different biometric authentication methods and fallbacks:

• Complete FaceID and TouchID support on Apple iPhone devices
• Support for fingerprints and biometric input requests on Android devices
• Secure PIN-based fallback methods if a user has not activated biometrics

The Access app and the Nevis SDK support multiple accounts on a single device so that you can switch between your company account and your private account if necessary.

Integration in your business app offers you several advantages:

• More responsive than a browser, which creates a native feeling for the end user
• Greater security and fewer support calls thanks to a better-controlled end-user environment
• Support for standardised transaction confirmations that the revised FIDO2 standard lacks

Our Mobile SDK for iOS and Android enhances your existing app by adding passwordless authentication functions or functions for signing transactions. The SDK is available for:

• Native iOS/Android apps
• Flutter
• React Native

Web-based

Don’t have an app? With Nevis, biometric authentication in the latest Android OS and iOS versions is supported directly in the mobile browser. You do not need an additional download or app and it works wherever one of the latest browsers is available.

Mobile hardening

Our Mobile SDKs and Access app are fully ‘hardened’ to protect the integrity of mobile devices and to detect if this integrity has been breached. It is an additional security level that makes mobile authentication more secure, even if a mobile device has been compromised.

The signing of transactions is a core requirement for a successful digital business. Conventional password flows are not suitable for signing transactions since they are unwieldy and are not legally permissible in some industries. The financial services industry requires that transactions be compliant with regulations such as PSD2 and SCA (strong customer authentication).

With Nevis, you can use the same methods for transaction signing that you also use for authentication purposes.

Nevis is certified for compliance with the FIDO-UAF standards, the gold standard for security in the financial services industry. With FIDO UAF, transaction signing is based on the concept of «What You See Is What You Sign» (WYSIWYS). The user signs a transaction message that is displayed with the help of a biometrically secured private key.

Dynamic linking covers an additional series of requirements that were introduced in the Regulatory Technical Standards (RTS) – the implementation guidelines for PSD2. Dynamic linking requires that an authentication code be unique for every transaction – meaning it can only be used once. Furthermore, it must be specific for the transaction amount and the recipient. Both the amount as well as the recipient must be clearly stated during authentication.

Implement transaction confirmations that comply with industry regulations such as PSD2 with dynamic linking:

Our solution offers multi-factor authentication with an authentication code (signed challenge) for confirming registration and the transaction. The challenge is sufficiently long and randomly generated as to render conflicts virtually impossible, and the authentication code is only accepted once.

The elements used for multi-factor authentication are independent of one another.

Nevis guarantees the confidentiality of the authentication data: it is based on the FIDO-UAF standard (including public-key cryptography). Information such as the PIN, the user’s biometric characteristics or the private key never leave the device.

TLS and mobile hardening also guarantee the confidentiality and integrity of the transmitted authentication data.

Usernameless is the next variant of seamless logins. This allows you to log in without specifying a username. You can even choose the account you want to log into in the app. The process is simple:

• Display a QR code or deep link
• Open the Access app
• Select the account to continue
• Confirm using your biometrics (or PIN as a fallback)

That’s it!

This is supported both by the Access app as well as by custom apps created using the mobile SDK.