Discover our two-factor authentication for online purchases

Our customer WiZink, the digital consumer bank operates in Spain and Portugal, has been able to make the most of push notifications. It has extended their use to deal with the requirements of European Directive PSD2, specifically the need to implement Strong Customer Authentication (SCA) for online purchases. By using it, not only has it managed to increase the security of its transactions, but it has also considerably improved user experience by helping them to validate monetary movements simply and directly.

The challenge of the digital bank WiZink: adapting to the European Directive PSD2

In 2015, the European Union created a directive to force banks and financial companies to implement systems that help to protect against fraud, especially with regard to online card payments.

The response to this has been the SCA (Strong Customer Authentication), a double-factor authentication method that has been mandatory since December 31, 2020. This reinforced verification forces you to validate your identity with at least two of these three methods:

• With something you know. This is what happens when you are asked to use passwords.
• With something you are. For this, they use biometric systems such as your fingerprint.
• With something you have. Such as, for instance, your mobile phone. It is precisely in this method that the digital bank WiZink saw a clear opportunity to differentiate itself from other banks and also to improve customer satisfaction.

WiZink’s innovation through the use of push notifications

Through its collaboration with indigitall, WiZink has developed a validation system focused on app push notifications. Thanks to this, if you are its customer, both your computer and your mobile phone will be valid tools to accredit your identity. When the user goes to carry out a transaction, they will be sent a code directly to their device with which they will be able to confirm their identity quickly, without having to move between different screens.

The OTPs (One Time Passwords) sent to the app by push notifications replace the sending of SMS messages to the user’s mobile. So, not only have we simplified and improved user experience, but we have also considerably reduced SMS message costs since they are not necessary.

Furthermore, it is a system where we provide more security than other methods, such as the sending of OTPs via SMS or the insertion of card contrast data. At indigitall we have developed a point-to-point encryption system because it guarantees that only you will be able to receive notifications from WiZink, thereby eliminating potential fraud due to phishing.

Why Encrypted Push is a Secure Channel

• End-to-End Encryption: Only the bank and the user can access the notification, protecting sensitive data and preventing fraud.

• Verified Source: Unlike SMS, where anyone can spoof a sender, encrypted push notifications guarantee the authenticity of the sender.

• No Phone Number Required: Users don’t need to share their phone number, further safeguarding personal data.

• Compliance: Fully meets PSD2 and SCA regulatory requirements for secure digital transactions.

Value for Banks and Users

• Superior User Experience: The process is fast, intuitive, and frictionless—no need to juggle passwords or wait for SMS codes.

• Higher Acceptance and Conversion Rates: WiZink saw transaction completion rates rise to 90% with push, compared to 78% with SMS.

• Reduced Costs: Push notifications are significantly more cost-effective than SMS, with some organizations saving up to 60% on messaging costs.

• Brand Reputation & Satisfaction: Enhanced security and ease of use lead to higher customer satisfaction and improved brand trust.

• Immediate and Controlled Delivery: Notifications are delivered instantly and can be tracked for compliance and auditing.