Breakthrough in online banking: mBank’s mobile authorisation

Breakthrough in online banking: mBank’s mobile authorisation

mBank is one of the first banks in the world to introduce the possibility of confirming transactions in a mobile application. It is even safer than SMS passwords and one-off codes, which are popular nowadays. First, a pilot action will be launched for clients willing to try out the new solution.

Mobile authorisation of transactions with the use of a mobile application is one of the first solutions of this kind worldwide and the very first one in Poland. No other domestic bank has offered its clients this form of confirming operations so far.

According to the strategy for the years 2016-2020, mobile banking remains the key direction of development. We offer our clients solutions which are secure and innovative on a global scale. They help facilitate everyday banking activities and adjust them to the lifestyle of a mobile client. We hope that mobile authorisation will be appreciated by our clients thanks to its simplicity and convenience, says Marcin Piwowarczyk, who has been working on its launch.

The first phase is a pilot action, during which the bank’s clients will have the possibility to actually shape the service, which will subsequently (after all suggestions are collected and implemented) be made available to each mBank client. 
How does mobile authorisation work?

Mobile authorisation is a new – easier, faster and safer – way of confirming transactions made via the mBank transaction system. The whole process is executed in the bank’s mobile application and does not require any additional software. Now, having ordered an operation in online banking, clients have to retype an SMS password (short messages are sent to telephone numbers registered at the bank) or, alternatively, enter a series of characters from the one-off codes list (TAN).The new solution eliminates the necessity of retyping passwords. A push notification appears in the bank’s mobile application directly after an operation is ordered in the internet transactional system. One just needs to log into the application and confirm or reject a transaction with one click.

Additionally, the screen with operation details presented in the notification is very clear so that it is easy to check whether the operation the client is about to confirm has actually been ordered by him or her and whether it includes any mistakes.

Mobile authorisation and security

The new method of confirming transactions meets the utmost security standards and protects clients’ transactions from the consequences of malware being installed on their mobile phones. It is based on state-of-the-art cryptographic and technological solutions. Most importantly, communication between the mobile application and the bank’s service is secured with SSL/TLS encryption and additional encryption within the SSL/TLS channel, which ensures full confidentiality and authenticity of the authorisation notification. All details of operations processed by the application are protected against unauthorised access and malicious software. Mobile authorisation also guarantees advanced mechanisms making it difficult to, among others, copy the application to another device.