2. Temenos Digital Web Banking with PIN (or Password) & SMS Secure Code

2.1 Registration (SMS Authentication)

  1. Customer has received the customer ID and Activation Code using the Temenos components.

  2. Customer is prompted to enter the customer ID and Activation Code.

  3. Customer enters the customer ID and Activation Code.

  4. Activation code is successfully validated on the HID Authentication Service.

  5. Customer is sent the SMS Secure Code to the registered mobile number.

  6. Customer enters the Secure Code in the online banking application.

  7. Secure Code authenticated successfully.

  8. Customer is prompted to add password.

  9. Customer's password is submitted.

  10. Customer has successfully registered for SMS-based authentication.

2.2 Login Web Channel (SMS)

  1. Customer accesses the web online banking application and chooses the option to log in with SMS Secure Code.

  2. Customer is prompted to enter the customer ID and Password.

  3. Customer enters the customer ID and Password.

  4. Customer ID and Password are sent to HID Authentication Service for validation.

  5. If successful, the customer is sent an SMS Secure Code to their registered mobile number.

  6. Web online banking application prompts the customer to enter SMS Secure Code.

  7. Customer enters the received SMS Secure Code in the online banking application.

  8. SMS Secure Code is sent to the HID Authentication Service for validation.

  9. If authentication is successful, the customer is logged in successfully to the online banking application.

2.3 Transaction Web Channel (SMS Signature)

  1. Customer initiates transaction in the online banking application.

  2. Customer is prompted to enter the Password.

  3. Customer ID and Password are sent to HID Authentication Service for validation.

  4. If the Customer ID and Password authentication is successful, the customer is sent an SMS Secure Code along with transaction details to their registered mobile number.

  5. Web online banking application prompts the customer to enter SMS Secure Code.

  6. Customer enters the received SMS Secure Code in the online banking application.

  7. SMS Secure Code is sent to the HID Authentication Service for validation.

  8. If authentication is successful, the customer can complete the transaction successfully in the online banking application.

    Note: This workflow can also be used for any non-financial transactions such as updating a mobile number or email address, etc.

2.4 Change PIN or Password

  1. Customer initiates SMS PIN or Password change in the online banking application.

  2. If authentication is successful, the customer is prompted to enter new SMS PIN or Password.

  3. New PIN or Password is sent to HID Authentication Service and stored securely.

2.5 Forgotten PIN or Password

  1. The customer can't recover their forgotten or lost SMS PIN. Customer must contact the bank and request for their account to be reset. Upon reset customer will be sent a new Activation Code so they can re-register for SMS-based authentication to online banking.

    Note: If Spotlight is not capable of handling the SMS-based authentication and PIN / Complex password policies it is recommended that the system integrator updates the component to support the functionality.

2.6 Expired PIN or Password

  1. Customer accesses the web online banking application and chooses the option to log in with SMS Secure Code.

  2. Customer is prompted to enter the customer ID and Password.

  3. Customer enters the customer ID and Password.

  4. Customer ID and Password are sent to HID Authentication Service for validation.

  5. HID Authentication Service returns a response that the PIN or Password has expired.

  6. Temenos Digital prompts the customer to enter a new PIN or Password

  7. Temenos Digital sends the new password to the HID Authentication Service to store it securely

  8. Customer is prompted to enter the new PIN or Password.

  9. The new PIN or Password is sent to the HID Authentication Service for validation.

  10. If successful, the customer is sent an SMS Secure Code to their registered mobile number.

  11. Web online banking application prompts the customer to enter SMS Secure Code.

  12. Customer enters the received SMS Secure Code in the online banking application.

  13. SMS Secure Code is sent to the HID Authentication Service for validation.

  14. If authentication is successful, the customer is redirected to the login page.

  15. Customer enter their customer ID and Password.

  16. Customer is sent an SMS Secure Code to their registered mobile number.

  17. Web online banking application prompts the customer to enter SMS Secure Code.

  18. Customer enters the received SMS Secure Code in the online banking application.

  19. If authentication is successful, the customer is logged in successfully to the online banking application.

2.7 SMS Authentication Policy Reset Failure Counter

  1. An SMS Secure Code authentication policy on the HID Authentication Service can be blocked due to customers entering incorrect SMS Secure Codes for authentication in the web channel. The customer must contact the bank help desk so the bank can reset the failure counter of the authentication policy from Spotlight. It is recommended that the bank staff perform Identity and Verification before resetting the failure counter. Please note that Spotlight integration is out of scope for HID Global.

    Note: If Spotlight is not capable of handling the SMS-based authentication policy it is recommended that the system integrator updates the component to support the functionality.

2.8 SMS Authentication Policy Reset Number of times the customer can request for Secure Code

  1. It is possible to configure the number of times a customer can request for SMS Secure Code on the HID Authentication Service without validating it. This configuration prevents the bank customers from being exposed to DDOS attacks. If this is configured to a limited number of requests and the customer has exceeded the threshold then they will not be able to request for SMS Secure Code anymore. Customers must contact the bank help desk so the bank can unregister and register the SMS authentication policy so customers can continue to login. It is recommended that the bank staff perform Identity and Verification before they re-register the SMS authentication policy for the customer.

    Note: If Spotlight is not capable of handling the SMS-based authentication policy it is recommended that the system integrator updates the component to support the functionality