Proof of strong customer authen­ti­cation according to PSD2 | Coronic | Indirect biometrics

Certi­fi­cation typeCompliance with the PSD2 require­ments regarding strong customer authen­ti­cation
Certificate holderCORONIC GmbH
Certified productIndirect biometrics
Testing methodAnalysis on the basis of descriptive documents (design analysis)
The audit includesThe concept of indirect biometrics, which was developed by CORONIC GmbH (CORONIC), aims to authen­ticate the user of a mobile device by means of biometric feature recog­nition. This identi­fi­cation process does not take place exclu­sively on the mobile device, but in connection with an associated background system. The intended main appli­cation is the use in online banking appli­ca­tions. CORONIC’s concept of indirect biometrics uses the biometric sensors and trust­worthy execution environ­ments available in the majority of mobile devices to authen­ticate users using biometric methods.
DescriptionSRC certifies that the concept of indirect biometrics meets all require­ments of the Regulatory Technical Standard for Strong Customer Authen­ti­cation of the Second Payment Services Directive (PSD2) that are within the scope of the concept. SRC verifies that CORONIC’s indirect biometrics concept meets the regulatory require­ments of the RTS for enabling the procedure, for login with PIN and login without PIN as well as for trans­action autho­rization. This also includes the possible use of a possession factor according to RTS that is independent of the inher­i­tance factor. Finally, processes for device migration with QR code and with migration code are also classified as fully compliant with RTS. The concept of indirect biometrics thus allows in particular the use of an inher­i­tance factor in online banking.