6. Temenos Digital Web Banking with PIN (or Password) & SMS Secure Code & RMS

6.1 Registration (SMS Authentication)

1. Customer has received the customer ID and Activation Code using the Temenos components.

2. Customer is prompted to enter the customer ID and Activation Code.

3. Customer enters the customer ID and Activation Code.

   

4. Activation code is successfully validated on the HID Authentication Service.

5. Customer is prompted to add password.

   

6. Customer's password is submitted.

7. Password is stored securely on HID Authentication Service.

8. Customer is sent the SMS Secure Code to the registered mobile number.

9. Customer enters the Secure Code in the online banking application.

   

10. Secure Code authenticated successfully.

11. Customer has successfully registered for SMS-based authentication.

    

6.2 Login Web Channel (SMS)

1. Customer accesses the online banking application.

2. Online banking application requests JS probe and session data from RMS.

   1. RMS generates session data and returns it to Online banking application.

   2. Online banking application caches session data and sends data gathered by probe to RMS.

3. Customer chooses the option to log in with SMS Secure Code.

4. Customer is prompted to enter the customer ID and Password.

5. Customer enters the customer ID and Password.

   

6. Customer ID and Password are sent to HID Authentication Service for validation.

7. If successful, the customer is sent an SMS Secure Code to their registered mobile number.

8. Web online banking application prompts the customer to enter SMS Secure Code.

9. Customer enters the received SMS Secure Code in the online banking application.

   

10. SMS Secure Code is sent to the HID Authentication Service for validation.

11. Online banking application calls RMS to create session and get risk data (allow, step-up, block).

12. If ALLOW

    1. Online banking application calls RMS to login.

13. Customer is logged in successfully.

    

6.3 Transaction Web Channel (SMS Signature)

1. Customer initiates transaction in the online banking application.

   

2. Online banking application calls RMS to create payment and get risk data (allow, step-up, block).

   

3. If BLOCK

   1. Online banking application calls RMS to reject payment.

   2. Online banking application denies transaction.

4. If STEP-UP

   1. Customer is prompted to enter the PIN.

   2. Customer ID and PIN are sent to HID Authentication Service for validation.

   3. If the Customer ID and PIN authentication is successful, the customer is sent an SMS Secure Code along with transaction details to their registered mobile number.

   4. Web online banking application prompts the customer to enter SMS Secure Code.

   5. Customer enters the received SMS Secure Code in the online banking application.

      

   6. SMS Secure Code is sent to the HID Authentication Service for validation.

   7. Online banking application calls RMS to sign and accept the transaction.

   8. Transaction completed successfully.

      

5. If ALLOW

   1. Online banking application calls RMS to sign and accept the transaction.

   2. Transaction completed successfully.

      

   Note: This workflow can also be used for any non-financial transactions such as updating a mobile number or email address, etc.

6.4 Change PIN or Password

1. Customer initiates SMS PIN or Password change in the online banking application.

2. Online banking application calls RMS to create action and get risk data (allow, step-up, block).

   

3. If BLOCK

   1. Online banking application calls RMS to reject action.

   2. Online banking application denies Change PIN request.

4. If STEP-UP

   1. Customer is prompted to enter the PIN.

      

   2. Customer ID and PIN are sent to HID Authentication Service for validation.

   3. If the Customer ID and PIN authentication is successful, the customer is sent an SMS Secure Code along with transaction details to their registered mobile number.

   4. Web online banking application prompts the customer to enter SMS Secure Code.

      

   5. Customer enters the received SMS Secure Code in the online banking application.

   6. SMS Secure Code is sent to the HID Authentication Service for validation.

   7. Online banking application calls RMS to sign and complete the action.

   8. Customer is prompted to enter new SMS PIN or Password.

      

   9. New PIN or Password is sent to HID Authentication Service and stored securely.

5. If ALLOW

   1. Online banking application calls RMS to sign and complete the action.

   2. Customer is prompted to enter new SMS PIN or Password.

      

   3. New PIN or Password is sent to HID Authentication Service and stored securely.

6.5 Forgotten PIN or Password

The customer can't recover their forgotten or lost SMS PIN. Customer must contact the bank and request for their account to be reset. Upon reset customer will be sent a new Activation Code so they can re-register for SMS-based authentication to online banking.

6.6 Expired PIN or Password

1. Customer accesses the online banking application.

2. Online banking application requests JS probe and session data from RMS.

   1. RMS generates session data and returns it to Online banking application.

   2. Online banking application caches session data and sends data gathered by probe to RMS.

3. Customer chooses the option to log in with SMS Secure Code.

4. Customer is prompted to enter the customer ID and PIN.

5. Customer enters the customer ID and PIN.

   

6. Customer ID and PIN are sent to HID Authentication Service for validation.

7. HID Authentication Service returns a response that the PIN or Password has expired.

   

8. Infinity prompts the customer to enter a new PIN or Password..

9. Infinity sends the new password to the HID Authentication Service to store it securely.

10. Customer is prompted to enter the new PIN or Password.

11. The new PIN or Password is sent to the HID Authentication Service for validation.

12. If successful, the customer is sent an SMS Secure Code to their registered mobile number.

13. Web online banking application prompts the customer to enter SMS Secure Code.

    

14. Customer enters the received SMS Secure Code in the online banking application.

15. SMS Secure Code is sent to the HID Authentication Service for validation.

16. Online banking application calls RMS to create session and get risk data (allow, step-up, block).

17. If BLOCK or STEP-UP

    1. Online banking application calls RMS to reject login.

    2. Online banking application denies access to account.

18. If ALLOW

    1. Online banking application calls RMS to login.

    2. Customer is logged in successfully.

       

6.7 SMS Authentication Policy Reset Failure Counter

An SMS Secure Code authentication policy on the HID Authentication Service can be blocked due to customers entering incorrect SMS Secure Codes for authentication in the web channel. The customer must contact the bank help desk so the bank can reset the failure counter of the authentication policy from Spotlight. It is recommended that the bank staff perform Identity and Verification before resetting the failure counter. Please note that Spotlight integration is out of scope for HID Global.

6.8 SMS Authentication Policy Reset Number of times the customer can request for Secure Code

It is possible to configure the number of times a customer can request for SMS Secure Code on the HID Authentication Service without validating it. This configuration prevents the bank customers from being exposed to DDOS attacks. If this is configured to a limited number of requests and the customer has exceeded the threshold then they will not be able to request for SMS Secure Code anymore. Customers must contact the bank help desk so the bank can unregister and register the SMS authentication policy so customers can continue to login. It is recommended that the bank staff perform Identity and Verification before they re-register the SMS authentication policy for the customer.