3. Temenos Digital Web Banking with HID Approve Mobile App

3.1 Registration (Web Channel Only)

  1. Customer has received the customer ID and Activation Code using the Temenos components.

  2. Customer accesses the online banking application and chooses the option to register or enroll an account.

  3. Customer is prompted to enter the customer ID and Activation Code.

  4. Customer enters the customer ID and Activation Code.

  5. Activation code is successfully validated on the HID Authentication Service.

  6. Customer is displayed a QR code and provided instructions to download and install the HID Approve mobile application.

  7. Customer downloads and installs the HID Approve mobile application.

  8. Customer scans the QR code using HID Approve mobile application.

  9. Customer is prompted to enter the PIN in the HID Approve mobile application.

  10. Customer can optionally enable biometrics in the HID Approve mobile application.

  11. Customer device registration is completed.

  12. Customer has successfully registered in the online banking application.

3.2 Login Web Channel (Secure Code)

  1. Customer accesses the online banking application and chooses the option to log in with Secure Code.

  2. Customer is prompted to enter the customer ID and Secure Code.

  3. Customer launches the HID Approve mobile application.

  4. HID Approve mobile application checks the key validity and displays a warning if the keys are about to expire.

    1. If the customer chooses to renew the keys, they are prompted for the PIN or biometrics, depending on whether biometrics is enabled by the user.

    2. Key renewal is completed.

  5. Customer selects the option to generate Secure Code.

  6. If biometrics is enabled (otherwise, go to the next step):

    1. Customer is prompted to provide biometrics.

    2. Customer provides biometrics (e.g., TouchID or FaceID).

    3. HID Approve mobile application displays Secure Code to customer.

  7. HID Approve mobile application prompts the customer to enter the PIN.

    1. HID Approve mobile application displays Secure Code to customer.

  8. Customer enters the Secure Code in the online banking application.

  9. Secure Code is validated against the HID Authentication Service.

  10. Customer is logged in successfully if the authentication is successful.

3.3 Transaction Web Channel (Push-based)

  1. Customer initiates transaction in the online banking application.

  2. Customer is sent a push notification to the HID Approve mobile application.

  3. Customer actions the push notification and approves the transaction.

  4. If biometrics is enabled (otherwise, go to the next step):

    1. Customer is prompted to provide biometrics.

    2. Customer provides biometrics (e.g., TouchID or FaceID).

    3. HID Approve mobile application signs and sends the signed transaction to HID Authentication Service for validation.

  5. Mobile application prompts the customer to enter the PIN.

    1. HID Approve mobile application signs and sends the signed transaction to HID Authentication Service for validation.

  6. HID Authentication Service sends the customer transaction feedback to the online banking application.

  7. Online banking completes or denies the transaction based on the customer's action (Approve or Decline).

    Note: This workflow can also be used for any non-financial transactions such as updating a mobile number or email address, etc.

3.4 Transaction Web Channel (Offline Secure Code)

  1. Customer initiates transaction in the online banking application.

  2. Customer is prompted to enter Secure Code and displayed a QR code or data parameters (e.g., Account Number and Amount).

  3. Customer launches the HID Approve mobile application and chooses the option Signature or QR scan.

  4. Customer selects one of the options and, depending on the option chosen, enters the data values or scans the QR code.

    1. If biometrics is enabled (otherwise, go to the next step):

      1. Customer is prompted to provide biometrics.

      2. Customer provides biometrics (e.g., TouchID or FaceID).

      3. HID Approve mobile application displays signing Secure Code.

    2. HID Approve mobile application prompts the customer to enter the PIN.

      1. HID Approve mobile application displays signing Secure Code.

  5. Customer enters the signing Secure Code in the online banking application.

  6. Online banking application sends the data values and signing Secure Code to the HID Authentication Service for validation.

  7. The customer can complete the transaction if authentication is successful.
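
To show why the signing Secure Code in steps 4 to 6 authorizes only the data values the customer entered or scanned, the following added Python example (not HID or Temenos code) derives a short code from those values and validates it on the server side. The HMAC-SHA-256 construction, the 30-second window, the 8-digit length, and all names and sample values are assumptions for illustration; the page does not state the algorithm HID Approve uses.

```python
import hashlib
import hmac
import struct

# Constructed sample values: not real keys, accounts, or HID parameters.
DEVICE_KEY = b"constructed-demo-device-key-0001"
STEP_SECONDS = 30   # assumed validity window of a code
DIGITS = 8          # assumed code length


def signing_code(key, account, amount, now):
    """Device side: derive a code bound to the data values and a time step."""
    step = int(now) // STEP_SECONDS
    # Length-prefix each field so ("12", "345") and ("123", "45") differ.
    msg = struct.pack(">Q", step)
    for value in (account, amount):
        raw = value.encode("utf-8")
        msg += struct.pack(">H", len(raw)) + raw
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    # Dynamic truncation in the style of RFC 4226.
    offset = mac[-1] & 0x0F
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** DIGITS).zfill(DIGITS)


def validate(key, account, amount, code, now, used, drift=1):
    """Server side: recompute over the data values the bank received."""
    step = int(now) // STEP_SECONDS
    for s in range(step - drift, step + drift + 1):
        expected = signing_code(key, account, amount, s * STEP_SECONDS)
        if hmac.compare_digest(expected, code):
            if (s, code) in used:   # reject replay of an accepted code
                return False
            used.add((s, code))
            return True
    return False
```

A code generated for one account and amount fails validation if either value is altered between the customer's screen and the validation request, which is the property that separates a signing code from a login code.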

3.5 Forgotten HID Approve PIN or Locked PIN or Device Lost or Stolen

  1. If a customer has forgotten the PIN for the HID Approve mobile application or has locked the HID Approve mobile application service by entering an incorrect PIN value, it is not possible to recover the PIN and the customer must re-register the HID Approve mobile application service on this device. Similarly, if a customer has lost their device or the device is stolen, they must re-register the new device. In both cases, the customer needs a new Activation Code so they can re-register from the web online banking application.

  2. If the customer has a second device registered, they can log in to web or mobile banking using the secondary device, authorize the action using the same device, and request a new QR code. Customers can scan the QR code in the HID Approve mobile application to re-register the device.

3.6 Additional Device Registration

  1. Customer logs in to the online banking application.

  2. Customer requests a QR code to register a new device with the HID Approve mobile application.

  3. Online banking application displays a QR code.

  4. Customer installs the HID Approve mobile application and scans the QR code.

  5. Customer is prompted to enter the PIN.

  6. Customer can optionally enable biometrics in the HID Approve mobile application.

  7. Customer is prompted to enter a device name.

  8. Customer's additional device registration is completed.

3.7 Device Management Web

  1. Log in to the web online banking application.

  2. Go to the device management menu and initiate the action of suspending or deleting a device.

    Note: If a customer only has one registered device, sufficient warning must be provided to say that they will be unable to log in to banking channels after continuing this action. They will need to contact the bank for assistance.

  3. Customer is sent a push notification to the HID Approve mobile application.

  4. Customer actions the push notification and approves the action.

  5. If biometrics is enabled (otherwise, go to the next step):

    1. Customer is prompted to provide biometrics.

    2. Customer provides biometrics (e.g., TouchID or FaceID).

    3. HID Approve mobile application signs and sends the signed transaction to HID Authentication Service for validation.

  6. HID Approve mobile application prompts the customer to enter the PIN.

    1. HID Approve mobile application signs and sends the signed transaction to HID Authentication Service for validation.

  7. HID Authentication Service sends the customer transaction feedback to the online banking application.

  8. Online banking completes or denies the device management action based on the customer feedback (Approve or Decline).

    Note: If a customer does not have internet access on their mobile device, the bank can offer an alternative authorization method using a Secure Code.

3.8 Secure Code Authentication Policy Reset Failure Counter

A Secure Code authentication policy on the HID Authentication Service can be blocked when the customer enters incorrect Secure Codes for authentication to the web online banking channel. Even if a customer has multiple devices registered, login from all devices will be impacted if the authentication policy on the backend is blocked. The customer must contact the bank help desk so the bank can reset the failure counter of the authentication policy from Spotlight. It is recommended that the bank staff perform Identity and Verification before resetting the failure counter. Please note that Spotlight integration is out of scope for HID Global.

Note: If Spotlight does not have the functionality, it is recommended that the system integrator updates the component to support it.

3.9 Push Authentication Policy Reset Challenge Counter

It is possible to configure the number of times a customer can request push notifications on the HID Authentication Service without actioning the push request. This configuration prevents bank customers from being exposed to DDoS attacks. If this is configured to a limited number of requests and customers have exceeded the threshold, they will no longer be able to request push notifications. Customers must contact the bank help desk so the bank can reset the challenge counter of the push authentication policies from Spotlight. It is recommended that the bank staff perform Identity and Verification before resetting the challenge counter.

Note: If Spotlight does not have the functionality, it is recommended that the system integrator updates the component to support it.
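
The counter behaviour described in sections 3.8 and 3.9 can be modelled as follows; this is an added Python example, not HID, Temenos, or Spotlight code. The class, method names, threshold values, and the rule that a successful login or an actioned push clears its counter are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Assumed thresholds; real values are set in the authentication policies.
MAX_FAILURES = 3
MAX_PENDING_PUSHES = 5


@dataclass
class CustomerPolicies:
    """Hypothetical model: counters belong to the customer, not to a device."""
    failures: int = 0
    pending_pushes: int = 0
    audit: list = field(default_factory=list)

    def secure_code_login(self, device, code_ok):
        # A blocked policy rejects every device, even with a correct code.
        if self.failures >= MAX_FAILURES:
            return "blocked"
        if code_ok:
            self.failures = 0  # assumption: a success clears the counter
            return "ok"
        self.failures += 1
        self.audit.append(("failure", device))
        return "blocked" if self.failures >= MAX_FAILURES else "retry"

    def request_push(self):
        # Unactioned requests accumulate until the threshold is reached.
        if self.pending_pushes >= MAX_PENDING_PUSHES:
            return "blocked"
        self.pending_pushes += 1
        return "sent"

    def push_actioned(self):
        self.pending_pushes = 0  # assumption: Approve or Decline clears it

    def helpdesk_reset(self, counter, staff_id, identity_verified):
        # Refuse and record the attempt when ID&V was not performed.
        if counter not in ("failures", "pending_pushes") or not identity_verified:
            self.audit.append(("reset_refused", counter, staff_id))
            return False
        setattr(self, counter, 0)
        self.audit.append(("reset", counter, staff_id))
        return True
```

Recording refused resets alongside successful ones gives the bank a trail for spotting help desk requests that skipped Identity and Verification.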

3.10 Change HID Approve Mobile Application Service PIN

Note: Due to security reasons, we cannot provide screenshots of the HID Approve mobile application. Instead, we are showcasing screenshots of an application built using the HID Approve SDK. This application accurately replicates all functionalities of the HID Approve mobile app.

  1. Customer logs in to the HID Approve mobile application.

  2. Customer requests to change the PIN in the HID Approve mobile application.

  3. HID Approve mobile application prompts the customer to enter their old PIN and create a new PIN.

  4. Customer enters old and new PIN.

  5. HID Approve mobile application updates the PIN.

  6. PIN change is completed successfully.