Sentrycs Software-as-a-Service, preventing Identity Theft and Identity Fraud, is available online
Sentrycs Identification-as-a-Service: Security, Usability and Scalability, compliant with PSD2.
By: SentryCom Ltd.
A vast majority of Internet users prefer to log in to various websites using Social Networks, instead of registering with each of these websites. Internet users find the usability of Social Login more attractive, than memorizing endless usernames and passwords. Moreover, these websites enjoy simple integration with Social Login, thus emphasizing the scalability of this approach. The major problem of Social Login is its insufficient security. In fact, Social networks estimate that 5-10% of their accounts are fake. In addition, Social Logins use weak identification through username/password. Recent attempt to patch this weakness by introducing 2-step verification, using SMS-OTP, is already deprecated by US NIST. An additional security problem: Social Login identification is out-of-transaction-
What level of security should we adopt? The security requirements for Consumer-Facing, Secure Customer Authentication (SCA) were set by EU Payments Services Directive PSD2.
According to PSD2:
SCA must be based on the use of two or more elements that have to be independent from each other, namely knowledge (something only the user knows), possession (something only the user possesses), and inherence (something the user is).
The SCA mechanism must generate an authentication code specific to the transaction content (amount of the payment and the payee).
Strong customer authentication must ensure that the breach of one of the SCA elements does not compromise the reliability of the other elements.
We believe that these security requirements can be applied to any mission-critical, consumer-facing applications at Government, Financial, HealthCare and IoT.
Sentrycs IDaaS includes Sentrycs Web and Sentrycs Mobile, providing optimized performance for Web and for Mobile. Sentrycs Digital Identity is established by real-time interaction with Real-Identity host (Government or Financial). Once it is established – it can be verified in real-time, in conjunction with any Web or Mobile application using low-friction, context-sensitive multi-factor strong identification. Sentrycs Mobile utilizes a single smartphone for ALL mobile applications with <3 sec. of user's friction. Sentrycs Web utilizes a single username for ALL Web applications with <10 sec. of user's friction. Integration with any Web or Mobile application takes less than 1 day.
For Sentrycs Mobile and Sentrycs Web demo please follow:
For additional technical information :
For further information please visit us at http://www.sentry-