User-friendly multi-factor authentication with COVR

, , , , , ,

Digital payment and online banking are all about striking the right balance between customer convenience and security. People expect it to be easy, so a complicated authentication process will turn them away. Luckily, onboarding users with COVR’s Multi-Factor Authentication API is not a problem. With this API, they can authenticate their payment directly from their smartphone without interrupting their flow.

COVR’s Multi-Factor Authentication API enables fast and convenient user authentication on smartphones. It keeps you and your users protected from all types of fraud and impostor activity, like identity theft, credit card hijacking, skimming and phishing. Even in risky settings like public wifi and unknown, unprotected networks. The API facilitates compliance, user retention and growth by providing stable and secure authentication and supporting user-friendly onboarding.

The Multi-Factor Authentication API is designed to help you to:

1. Comply with laws against money laundering, financial crime and enhanced privacy for individuals.

2. Defend and protect from online fraud and identity theft.

3. Facilitate people’s expectations on convenient, fast, secure signup and account login experiences.

Upgrade security with user-powered control and push notifications

Enable your end-users to actively protect their digital identity. With the Multi-Factor Authentication API, they control what information they share and with whom.

Thanks to push notifications instead of passwords, the onboarding and login process are a piece of cake. Once the user has logged in, the in-app verification alerts give the user the option to accept or deny authorization with a single tap. 

One solution for every authentication scenario

COVR’s API is developed for any industry in need of strong end-user authentication and can be applied throughout all user groups – employees, end-users and third-parties. It works seamlessly across all platforms, applications and use cases. It also lets you authenticate end-users and authorize access throughout all of your business applications quickly.

The unique benefits

1. Benefit from passwordless authentication to access to sensitive information and money transactions.

2. Activate two or more authentication methods to protect your users from every threat.

3. Authenticate and onboard users with QR codes for a smooth end-user experience.

4. Allow users to authenticate themselves to sign contracts, loans and other legal documents.

Fast implementation, scalable and cost-efficient

COVR needs a minimum of infrastructure to scale for unlimited users simultaneously and plugs into existing systems with minimal modification. There’s no need for additional, expensive hardware.

Credit card security

Does your company issue credit cards? Then you know it’s a complicated process for both customer and issuer to re-approve a transaction that has been denied. It involves phone calls, security questions, identity document verifications or other payment methods.

With the Multi-Factor Authentication API, you can allow the credit cardholders to authorize the transaction themselves. This eliminates the problem with payment rejection and false-positive denials. Every smartphone can be reached by the bank in seconds, anywhere in the world. It is also registered to send authorization request push notifications with a response time of a couple of seconds. The result: seamless card transactions, and fully trusted, accepted purchases – both by the bank and its customers.

Reusable identity validation and account recovery

Dealing with stolen credit cards, lost smartphones or hacked accounts? Recovering all the lost data from each online service could be a lengthy and costly task.

With this API, recovery processes run fast, easy and secure. After a new identity verification is done, COVR can reconnect the user with their existing digital identity. Including all their history, transactions and various accounts. As nothing is ever lost, the user can continue to build their online reputation. 

/by

Convenience vs. security in mobile banking

People want an ultra-low-friction mobile payment experience that says yes to a lickety-split transaction, with a minimum of taps and without the extra hoo-ha.

Pay on the go, wherever you are, is the catchphrase of today. This is the inevitable reality so let’s take a second to untangle some of the pitfalls and opportunities for banks to get on top of this development.

In-app purchasing, person-to-person payments and e-wallets are all results of consumers’ relentless demand for instant access to their money. Needless to say, this is why the most convenient and readily available device of them all – the smartphone – is becoming the payment channel of choice. Sending money to friends and family, shopping or doing day-to-day things like paying a bill inside various apps are all examples of consumer behaviours that are taking off in a phenomenal way. 

“Tap-sign-done”

It’s no longer just well known online payment services like PayPal, Google Wallet and Apple Pay (that have been around long enough to earn trust) that are competing for a piece of the mobile instant payments pie. Thanks to the revised payment services directive (PSD2), the entire payment services ecosystem have entered the race and offer competitive-edge and value-added “overlay” payments that boost consumer instant access. Whether it’s game-changing players like Square, Klarna, Paym and Dwolla or run-of-the-mill banks, the potential success stands and falls with a combination of convenience and security.

The educated guess would be that as long as people can stay secure, they will take the path of least resistance. But convenience will only go so far when it comes to the adoption of mobile payments. Without the underpinning security, this ever-growing trend could halt in mid-stride if consumers don’t trust that their money is a hundred percent secure.

Trust, trust, trust

Even though banks are late to the mobile payment user-convenience party, research shows that consumers still have a much higher level of confidence dealing with their banks, than online platforms and social-media companies when it comes to payments services. This is a slam-dunk advantage that gives banks the chance to stay competitive by drawing from the hard-earned trust they have built with their customers over the years.

As payment innovation has been about striking the right balance between customer convenience and security banks are successively abandoning yesterday’s security methods and have started to evaluate new and more robust alternatives at hand. But bringing about a genuinely effortless mobile user experience and at the same time reach fool-proof security is no easy feat. To begin with, instant payment features radically shortens the time to identify fraud so no matter which way you look at it, you need to invest in extremely secure real-time fraud detection based on strong user authentication. Exceptional user convenience on the smartphone may be the term of the day as it stands, but without up-to-date security tech behind it, it could be good for nothing.

In the near future, those who offer their customers the security and sought-after split-second payment convenience will survive. This is why we have developed Covr, a user-centric mobile security management platform. It will help banks and other financial players to overcome the biggest hurdles in the transition to large scale open banking as it doesn’t require hardware or huge installations costs.

About Covr Security 

Covr Security AB, located in Malmo, Gothenburg, Stockholm, Frankfurt and Palo Alto, is a Swedish cybersecurity company. We have developed a next-generation, user-centric mobile security management app for a wide range of heavily regulated digital industries that depend on strong customer authentication and privacy. The Covr app is available both as an off-the-shelf authentication mobile app ready for a quick launch and as a powerful SDK for hassle-free integration into existing mobile applications.

/by

Two major data leaks point to the problems with current security systems

Both Marriott and Voi have recently had data about millions of their customers leaked, the prior by a hack and the latter by poor security set-up. The conclusion: The current systems for ensuring the safety of our customer’s data are far from sufficient.

In late November last year, the hotel chain Marriott announced that they had been the target of a data hack, exposing the information of 500+ million customers. The hackers had access to the customer data since 2014, but it took Marriott five years to realize they had been hacked. During that time, the hackers had access to names, phone numbers, email addresses, passport numbers, dates of birth and arrival and departure information of 327 million of Marriott’s customers. Besides that, for millions of others, the credit card numbers and card expiration dates were also potentially compromised.

Just a few days ago the electric scooter company Voi, that has placed scooters in major cities all over Europe, had 460.000 of their customer’s names, emails and phone numbers exposed openly on the internet. According to the German media company Bayerischer Rundfunk, the data was accessible by anyone without having to break any rules or even be a very proficient hacker.

Two major data leaks point to the problems with current security systems 2
Photo by Denniz Futalan from Pexels

Both of these incidents are very severe and point to the fact that the systems that many companies rely on to keep their customer’s data safe are insufficient. Whether it be by poor process design, a lack of understanding, or simply an outdated IT-system, there is a great need for better ways to protect the data customers entrust companies with. Poor PR is also not the only thing that can come from such data leaks. In light of the recent EU-directive GDPR, companies now also run the risk of getting hefty fines. In the Marriott-case, the data-breach has been deemed one of the most severe in history, and it will take several months for regulators to investigate the situation fully.

Had the companies instead ensured that the customer data could only be accessed by authorized personnel and had warning systems in place, the breach would either never have been possible or stopped a lot earlier. As a customer in today’s tech-world, your personal data can wreak havoc in your personal life on a scale previously unimagined. A leak such as the ones at Marriott and Voi, should therefore simply not be possible, especially since there are systems available that would have prevented them.

It’s time that companies accept their responsibility, and take measures to ensure that such leaks are not possible. Finding secure IT-systems is not an impossible feat, rather, there are companies like Covr Security that make sure that your customer’s data will remain safe and secure, while still allowing the information to be accessed by the right person at the right time. Security is not just a fancy word to be thrown around in the corporate visionary document, it’s a necessity to ensure that you have a business in the years to come.

/by

Covr visits Israel to learn from their very active start-up scene

If you would list the three main start-up scenes in the world that produce more Unicorns (+1 Bn USD companies) than any other, you would probably mention Silicon Valley, Sweden, and Israel. So, for a start-up tech-company in Sweden, it makes perfect sense to visit one of these hubs to learn from their experiences. In the next week Covr is doing just that, and the reason? To make smarter decisions and better business in a global market!

In today’s interconnected world, networking is one of the primary skills you need to master. Both companies and business gurus talk more about collaboration than competition, and as a company, in a small market, you quickly need to expand your network on an international market. Covr is, therefore, taking a trip to Israel to exchange ideas, get inspiration and gain insight into how companies on similar, yet somewhat different, markets do things. The Swedish and Israeli market is similar in the sense that they both are too small for a company to make it on that market alone. As a start-up, you must see yourself as a global company from the start, but that also brings a lot of new obstacles and challenges. To then take the opportunity to learn from others in similar positions is nothing but a smart investment for your future business development.

Peter Alexanderson, Founder of COVR Security, speaks in Tel Aviv Fintech week, 5th of March 2019.

Covr’s networking trip will hopefully generate ideas that will position the company for a rapid, and profitable expansion, as they are gearing up to bring their security solution to the global market. However, there’s a considerable difference between expanding globally with the experience others have already gained, or going at it alone, much like learning how to drive with or without a tutor. Preferably the earlier before the latter.

We look forward to hearing the tales and lessons learned, and above all to see them implemented, as Covr takes identity validation and digital security to the next level for individuals and companies around the globe.

/by

Prevent fraud and build trust with your customers by simply buffing up your FDP-system

You don’t want to lose money due to online fraud, do you? Then you better buff up your FDP-solutions, because retailers are expected to lose $ 130 billion in CNP-fraud in just the next 5 years.

As online shopping and digital solutions are becoming more common, we are also seeing a rise in online fraud, and the no-good-doers are getting more creative every day. As an online retailer, you, therefore, need to increase and expand your Fraud Detection and Prevention (FDP) measures in order to keep the bad guys at bay and prevent your business from sustaining heavy losses in the upcoming years.

E-commerce sites need to invest in secure purchases, that will then reduce lost revenue and increase consumer trust.

Catching fraudsters with their hand in the digital cookie-jar simply isn’t as easy as it used to be.

If you are like most eCommerce merchants, you have probably focused mainly on detecting fraud at the point of transaction. This makes sense since this used to be the place where fraud was common, and it’s was also fairly easy to detect certain types of fraud there. But nowadays the fraudsters have become better at hiding their intentions, and you need to look for suspicious behaviour earlier during the session in order to identify them. Catching them with their hand in the digital cookie-jar simply isn’t as easy as it used to be.

The reason why most online retailers don’t invest in a multi-layer FDP is that it seems like a waste of money. There is a perception that an advanced system like that can only detect fraud, and thus it makes little sense investing in a costly system that only does one thing. It can sometimes also be hard to calculate the exact amount of money lost to fraud, so calculating the ROI of such a system becomes trickier. But now that a recent study from Juniper Research indicates a potential loss of $ 130 Bn the coming five years in Card Not Present (CNP) fraud alone, getting a better system might prove to be a good investment after all.

There are also added benefits of having a better FDP-system in place. One of the authors at Juniper Research, Steffen Sorrell, explains, 

A layered FDP solution naturally helps directly preventing fraud, but it also offers major gains in terms of recovering potentially lost revenue through false positives. This is something about which retailers remain undereducated, and has allowed fraudsters to capitalize on relatively low FDP spend,”

Online-shoppers love a retailer they can trust

This means that a well implemented FDP-solution will quickly earn its money back. And not just by preventing fraud, even though the staggering losses Juniper Research calculate might be enough already, but also from increasing consumer-trust.

So, by having a multi-layer FDP you can build a secure and trustworthy shopping experience for your customers. And trust me when I say this: online-shoppers love a retailer they can trust. If you are worried about the ROI, fret no more, buffing up your anti-fraud system will quickly prove to be a good investment for both you and your customers.

/by

Market outlook: The need for protection creates explosive growth in the mobile cyber security industry

A new market segment is rapidly emerging within the tech sector that perhaps is one of the fastest, if not the fastest, segment of market growth – mobile security software and services.

Mobile transactional security and cyber defence has become increasingly critical since companies continue to collect, handle, and store enormous amounts of confidential information and sends that data across networks – many of them scarily unsecure and unprotected. There is also a “bring-your-own-device” (BYOD) culture in almost all modern companies today and that is one reason cyber security is crucial for all points in the network, including smartphone connectivity. Cyber security is not just a matter for the IT-department anymore, but for all executive decision makers in a company.

“Protecting mobile devices is in fact harder than to protect a traditional company IT environment”, says Peter Alexandersson, CEO of mobile security company Covr Security.
It’s because employees have personal control over their own device and can choose to download any type of app and can decide what protection to use – or in worst case, not use.”

What is driving the growth in cybersecurity?

Cybersecurity isn’t new, but it’s definitely a red-hot area when it comes to protecting mobile devices. The ransomware epidemic and sensational rise in cybercrime has in recent years leapfrogged from PCs and laptops to smartphones and other mobile devices affecting companies and consumers resulting in catastrophic losses globally. So, there is a snowballing demand for secure mobile transaction solutions across all industries world wide which is, according to most analysts, expected to drive massive market growth in the coming years. One well-known example is Bank of America that has said that they have an unlimited budget when it comes to fighting cyber attackers, fraud and hackers.

“Every year, banks and other financial players are spending enormous amounts of money to stop fraud”, Peter Alexanderson continues. 
“And every year, their losses multiply. This is why the solution to combat cyber crime, especially for mobile devices, has to be more holistic than just installing security software on a server. This is exactly the reason we have developed Covr.”

Peter Alexandersson, CEO COVR Security

According to an article in Forbes market research firm Cybersecurity Ventures expects that companies will spend more than $1 trillion over the next five years in cybersecurity for PCs, mobile devices, and Internet of Things (IoT) devices. In addition Business Insider’s research service BI intelligence has estimated that $113 billion will be spent on protecting mobile devices alone. A recent compilation article from Nasdaq also discloses that Bloomberg and IDC considers mobile security to be one of three that has the biggest market growth potential.

A glimpse into the near future for the market

As companies and consumers grow increasingly nervous about new and gruesome cyber threats entrepreneurs rush to develop a multitude of innovative solutions – and venture capitalists are (sad to say?) seeing big openings here and pour money into the sector.  While most tech industry sectors are operating on a more mature market with big competition, forced to improve profitability – cybersecurity is driven by online fraud, crime and felonies where innovation needs to evolve quickly to keep up with elaborate new threats.

New and innovative solutions, Covr in particular, guarantees extreme protection from advanced epidemic threats like phishing, malwares, viruses, network spoofing, connection to unsecure public networks and inadequate company policies for data protection. According to the predictions in this article we firmly believe that Covr is in pole position to protect enterprises and individuals on a large scale.

/by

The best way to handle security threats is simply to prevent them from happening altogether

It’s spine-chilling to imagine that sensitive information about you could have been accessed by a cybercriminal or published somewhere on the public or dark web, isn’t it? Regrettably, the chances are that this has already happened.

With the apparently endless bombardment of malware and phishing attacks, navigating the digital world is a risky business. The nagging and constant feeling of unease is the reality for almost every person using any type of online service – and today that is all of us. If people don’t know which information that is sensitive, and which isn’t, where their information is stored and who has access to their data, then they are in a dangerous position from a cybersecurity perspective. Perhaps we should delete our Instagrams, stop sending emails, uninstall our banking apps and move to a desert island? This common fear is a very real challenge for companies that handle their users’ credentials. Everything relies on security – no matter what trade a company is in – they are all in the trust business.

Despite arduous efforts to continuously reinforcing security, data protection is only as strong as its’ weakest link, no matter how many precautions that are taken to keep users safe online. As it traditionally has been expensive to invest in security soft- and hardware, recruit data security experts or employ entire data security departments one fallback, especially for online retail, has been to just rely on credit card issuers or the banks’ security systems to handle it all. Some services still even offer only one-factor authentication in the form password “protection” (we put the word “protection” in quotation marks as passwords are useless when it comes to online security).

Cybercrooks can decipher even the longest, most complicated password imaginable within minutes.

However, more and more companies have started to offer their users two-factor authentication (2FA) via a second channel – the mobile device. Not long ago text messages were used for this purpose (and still are in too many cases). Okay, the least difficult way to implement two-factor is with SMS, where the user receives an access code each time they log in to a secured account. And of course this is better than nothing, but 2FA via SMS has an abundance of drawbacks (but that is another blog post). One of them is that hackers nowadays can “reroute” the two-factor SMS notifications to their own devices by hijacking your SIM-card and stealing your phone number.

For better protection, digital giants like Google and Microsoft are now instead of pushing for their Authenticator apps, which, sorry to say, just work within their own systems. Authentication over a mobile app relies heavily on several pieces of the puzzle falling in place and most security apps today are not user-centric, i.e., user-friendly or intuitive. This is where Covr differs, its beauty is in its simplicity: not only does our app build on unique multi-factor, second channel out-of-band authentication – it also caters for an easy journey for the user. Instead of having to login into applications one by one as with other authentication apps, Covr’s centralized single sign in and user authorization system needs only one set of login credentials that can be used to access numerous applications.

Just tap “Yes” or “No” and Bob’s your uncle.

/by