4. Temenos Digital Web Banking with HID Hardware Tokens

4.1 Registration

  1. Customer has received the customer ID and Activation Code using the Temenos components.

  2. Customer accesses the online banking application and chooses the option to register or enroll an account.

  3. Customer is prompted to enter the customer ID and Activation Code.

  4. Customer enters the customer ID and Activation Code.

  5. Activation code is successfully validated on the HID Authentication Service.

  6. Customer is requested to enter the serial number of the hardware token.

  7. Temenos Digital validates the hardware token serial number on the HID Authentication Service and assigns it to the customer.

  8. Customer is prompted to enter the Secure Code generated in the hardware token.

  9. Customer generates the Secure Code in the hardware token and enters it in the online banking application.

  10. Secure Code authenticated successfully.

  11. Customer has successfully registered for hardware token-based authentication.

4.2 Login Web Channel (Secure Code)

  1. Customer accesses the online banking application.

  2. Customer is prompted to enter Secure Code generated in the hardware token.

  3. Customer must enter a PIN in the hardware token to generate a Secure code.

  4. Customer enters the Secure Code in the online banking application.

  5. Secure Code is validated against the HID Authentication Service.

  6. Customer is logged in successfully if the authentication is successful.

4.3 Transactions Web Channel (Secure Code)

  1. Customer initiates transaction in the online banking application.

  2. Customer is requested to enter transaction details in the hardware token and generate Secure Code (e.g., Account Number and Amount).

  3. Online banking application prompts the customer to enter the Secure Code generated in the hardware token.

  4. Customer must enter a PIN in the hardware token to generate a Secure code.

  5. Customer enters the Secure Code in the online banking application.

  6. Online banking application sends the data values and signing Secure Code to the HID Authentication Service for validation.

  7. Customer can complete the transaction if authentication is successful.

4.4 Locked Hardware Token

If a customer has locked the hardware token by entering an incorrect PIN value, it is not possible to recover the PIN and the customer must contact the bank to unlock the token. It is recommended that the bank staff perform Identity and Verification before unlocking a token for a customer.

  1. Customer contacts bank help desk and requests for assistance to unlock the hardware token.

  2. Bank staff requests the customer to provide the code challenge from the hardware token.

  3. Customer provides the bank staff with the challenge code displayed in the hardware token.

  4. Bank staff searches for the user in Spotlight, enters the code challenge, and requests an unlock code.

  5. HID Authentication Service returns an unlock code.

  6. Bank staff provides the unlock code to the customer.

  7. Customer enters the unlock code in the hardware token to successfully unlock the token.

  8. Customer is prompted to set a new PIN to protect the token.

    Note: If Spotlight does not have the functionality, it is recommended that the system integrator updates the component to support it.

4.5 Synchronize Hardware Token

A hardware token can go out of sync depending on its life and usage. Hardware tokens lifetime is typically 4 years, and it is recommended to replace the token after this period. It is possible to resynchronize a hardware token if it goes out of sync. It is recommended that the bank staff perform Identity and Verification before assisting a customer to synchronize a token.

  1. Customer contacts bank help desk and requests assistance as authentication is failing in the online banking application.

  2. Bank staff requests the customer to provide the Secure Code generated in the hardware token (auto-resync) or clock counter value (manual resync) from the hardware token.

    Note: Customer must enter a PIN in the hardware token to generate a Secure code.

  3. Customer provides the bank staff the Secure Code or clock counter value displayed in the hardware token.

  4. Bank staff searches for the user in Spotlight and enters the Secure Code or clock counter value to synchronize the token.

  5. HID Authentication Service returns a success message.

  6. Bank staff confirms that the hardware token is synchronized with the HID Authentication Service.

  7. Customer can generate Secure Code and authenticate successfully in the online banking application.

    Note: If Spotlight does not have the functionality, it is recommended that the system integrator updates the component to support it.

4.6 Secure Code Authentication Policy Reset Failure Counter

A Secure Code authentication policy on the HID Authentication Service can be blocked due to customers entering incorrect Secure Codes for authentication to web online banking applications. Even if a customer has multiple devices assigned, login from all devices will be impacted if the authentication policy on the backend is blocked. The customer must contact the bank help desk so the bank can reset the failure counter of the authentication policy from Spotlight. Please note that Spotlight integration is out of scope for HID Global. It is recommended that the bank staff perform Identity and Verification before resetting the failure counter.

Note: If Spotlight does not have the functionality, it is recommended that the system integrator updates the component to support it.