Proof of strong customer authentication according to PSD2 | Coronic | Indirect biometrics
Certification type | Compliance with the PSD2 requirements regarding strong customer authentication |
Certificate holder | CORONIC GmbH |
Certified product | Indirect biometrics |
Testing method | Analysis on the basis of descriptive documents (design analysis) |
The audit includes | The concept of indirect biometrics, developed by CORONIC GmbH (CORONIC), aims to authenticate the user of a mobile device by means of biometric feature recognition. This identification process does not take place exclusively on the mobile device, but in conjunction with an associated background system. The main intended application is online banking. The concept uses the biometric sensors and trusted execution environments available in the majority of mobile devices to authenticate users by biometric methods. |
Description | SRC certifies that the concept of indirect biometrics meets all requirements of the Regulatory Technical Standards (RTS) for Strong Customer Authentication under the Second Payment Services Directive (PSD2) that are within the scope of the concept. SRC verifies that CORONIC’s indirect biometrics concept meets the regulatory requirements of the RTS for enabling the procedure, for login with PIN and login without PIN, and for transaction authorization. This also includes the possible use of a possession factor according to the RTS that is independent of the inherence factor. Finally, the processes for device migration with QR code and with migration code are also classified as fully compliant with the RTS. The concept of indirect biometrics thus allows, in particular, the use of an inherence factor in online banking. |