Re-enrollment, Customer Onboarding and Magic Links

Enrollment and re-enrollment are two of the most security-sensitive aspects of a banking app. Re-enrollment in particular is the most sensitive of the two procedures, even more sensitive than verifying transactions. So what is the best way to go about re-enrolling when logging into a banking app on a new device? Let’s take a look at the challenges and possibilities of SCA when finding yourself in this situation. The reason why enrollment and re-enrollment are two of the most security-sensitive aspects of a banking app is simple: when you do an app-based strong customer authentication (SCA), the user has already been authenticated on the device. This means that it is possible to check the ‘possession’ factor using a device fingerprint from before. If a customer has lost their device, and needs to be re-enrolled in a service, the possession factor cannot be verified, making email addresses, passwords and secret codes no longer strong enough. Unfortunately, if this happens, it becomes fairly easy for a user to be impersonated by an attacker who has gotten a hold of their personal credentials. That is why if a customer does have an existing device registered to their account, we recommend using SCA through that device to enroll any potential new devices. And one of the ways we’ve helped our customers strengthen their enrolment process is to implement a mechanism known as ‘magic link’. To read more about magic links, check out the full article here.