bankingciooutlook

Sequent Software: Enhancing Mobile Banking Security through Tokenization

Follow Sequent Software on :

John Kirst, CRO, Sequent SoftwareJohn Kirst, CRO
Mobile banking apps require an individual’s personally identifiable information (PII)—card number, bank account number, and other details—to be present on their mobile devices to enable transactions. Banks have relied on techniques such as multi-factor authentication, encryption, and more to secure the perimeter and protect the information. These features hamper the end-user experience, and moreover, since the security of mobile phones can be compromised, fraudsters can hack the phone and gain access to PII and thereby use it for malicious activities. Instead of securing the perimeter, Sequent Software protects the information through tokenization where the PII stored in their mobile phones are attributed arbitrary values (tokens) so that even if cybercriminals get access to these tokens, they are unable to gain access to the sensitive data. Moreover, by being PCI DSS, Visa (VTS), Mastercard (MDES) and Interac (Flash) integrated and certified, Sequent brings together all payment types into a single solution while also ensuring compliance. It also allows banks to offer innovative payment services to the end-users by enabling multiple funding sources and permissions. “Our vision is built around applying tokenization to mobile environments and bringing another layer of security and trust to payment and transactions on mobile devices,” says John Kirst, CRO at Sequent Software.

MBA developers can leverage the Sequent tokenization platform-as-a-service which encompasses SDK and APIs with sandbox environment to install the tokenization feature into their new solutions or integrate it into their existing ones. The developers require no pre-requisite knowledge of features such as tokenization, key management, cryptography, and so on which helps them deliver an optimum end-user experience along with best-in-class security features. These MBAs support all types of mobile transactions including open banking, PSD2, faster payments, mobile payments, Host Card Emulation (HCE), contactless, QR Code, in-app, and eCommerce transactions through Android devices.


Sequent is the equivalent for Apple Pay in the Android world by delivering similar capabilities to Android users


“We are the security provider to the application owner when it comes to personal/private information and transactions,” adds Kirst.

Since most banks are already set up from a card management standpoint, their app developers can easily leverage the Sequent platform to implement the tokenization feature into their solutions. Instead of sending a customer’s details to a plastic card maker, they can send these details to Sequent who then tokenizes it to create a digital card on the phone. “Sequent is the equivalent for Apple Pay in the Android world by delivering similar capabilities to Android users,” adds Kirst.

Kirst shares a real-world scenario where Sequent helped one of their customers—a national debit card service provider for their country. The client had already issued 30 million debit cards that were co-branded with VISA/ Mastercard. The transactions done locally would be processed within the country, and VISA/Mastercard would process international transactions. They contacted Sequent for help to establish a system where the banks could enable mobile transactions using debit cards through an MBA. The company built the first-of-its-kind co-badged, dual token solution with two separate tokens. This ensured that the end-users would have their cards stored on the phone for use locally and globally while Sequent secures the transactions at the back-end to provide a truly exceptional user experience.

Having established itself in the VISA/Mastercard space, Sequent envisions providing more tokenization specifications in the private-labeled closed-loop markets as well. They are also focusing on secure remote commerce (SRC)—an approach to promote security and interoperability within the card payment experience in a remote payment environment. “By bringing tokenization, fraudsters no longer have access to reusable personal payment-related information,” concludes Kirst.