Raiffeisenbank Releases RB Key, a Mobile Token App That Makes Login and Payments Fast and Secure
RB Key app by Wultra replaces the legacy SMS authorization with biometry or PIN code authorization in a native mobile app. As a result, customers do not have to rewrite one-time-passwords anymore, which makes for a better experience. Besides the use in Internet banking and third-party apps, customers can also use RB Key when withdrawing cash at Raiffeisenbank’s cash desks or when calling at the helpline.
Delivery of the RB Key for iOS and Android was our greatest project yet. We used our cutting edge security components as puzzle pieces of a rock-solid mobile authenticator app. At the same time, we leveraged our more than a decade long experience in the mobile app design to bring the Raiffeisenbank customers a fast and beautiful mobile app that improves their experience in digital banking. Let us share what makes us most proud of what we have introduced with RB Key.
Blazing Fast Login and Payment Approval
RB Key uses push notifications to alert the user about a login request or pending payment approval. The user only needs to open the notification, review the operation and use a PIN code or biometry to confirm it (or reject it, in case anything feels fishy). RB Key is significantly faster and more user-friendly than the previous SMS OTP and I-PIN method.
Efficient User Onboarding
There is no point in making an app that nobody will end-up using. This is why we made the user onboarding simple. Raiffeisenbank customers can onboard the mobile token either via Internet banking or by visiting a branch. In both cases, all they need to do is scan an activation QR code and approve the operation with a security element they already have. Fast, simple and secure!
Recovery of a Lost Device
What happens if a customer loses a device with an RB Key app? This was one of the big questions for us and a concern we had to address. In the end, we found the right solution! To help the customer set up the RB Key on a new device, we implemented a secure device recovery mechanism. Users can rewrite the device recovery credentials while onboarding the mobile token, or display them at any time later in the app settings.
No Internet? No problem!
In case a customer does not have an Internet connection, RB Key supports an off-line fallback mechanism. Customer can scan a QR code with login or payment details from the Internet banking, approve it with the PIN code or biometry in the RB Key app, and rewrite a 16 digit long authorization code (the same format as a credit card number) from the mobile app back to the Internet banking.
The Main Hero: The Invisible App Security
RB Key secures every transaction that is approved by the app user. Every single login or payment request is signed using our strong cryptographic signatures, leveraging the power of the elliptic curve cryptography that is in the core of our own open-source authentication and authorization protocol for banking: PowerAuth. To harden the cryptography and application runtime even further, we also protected the mobile app by our industry-leading App Shielding technology.
We could have played it safe and made the RB Key a mobile app that is “just OK”. We did not settle for this. We went much further and invested extra time and energy into making a stunning user interface, enhancing it even further with meaningful user interface animations, haptic feedback, and sounds. And one bonus feature: The iOS customers can choose their preferred app icon.
Wultra Mobile Token is an easy-to-use mobile app for iPhone and Android thanks to which you will never have to use SMS authorization or distribute hardware tokens. Wultra Mobile Token makes access to all your digital channels easier for your customers with a highly secure and user-friendly means of authentication and authorizing operations.