Protectimus Customer Stories: 2FA for Advcash

The following Protectimus 2FA products were chosen to solve the above mentioned tasks

• Protectimus Cloud Two-Factor Authentication (2FA) Service;
• Users groups functionality is realized using the Resources;
• Geographic filters;
• IP filtering function;
• CWYS (Confirm What You See) data signing function;
• Classic hardware 2FA tokens Protectimus Two;
• Application for generating one-time passwords Protectimus Smart OTP (iOS and Android);
• Delivery of one-time passwords via Protectimus Bot chatbots in Telegram, Facebook Messenger, and Viber.

To perform the integration using API

The functionality of integration with Protectimus two-factor authentication (2FA) service via API is available even for the free service plan. API integration documentation is publicly available on the Protectimus website. The Protectimus team is also ready to connect with the customer to help with the integration remotely, if necessary.

To set different two-factor authentication (2FA) rules for the Advcash employees’ accounts and payment system end users’ accounts

The Protectimus two-factor authentication (2FA) service allows dividing users into groups using Resources. Advcash administrators have created two 2FA Resources – one for the end users and another for company employees. These Resources have different security rules.

For example, geographic filters and IP filtering are activated for the Advcash employees. Besides, they can use only hardware 2FA tokens.

At the same time, filters are not activated for the Advcash end users, but the data signing function CWYS (Comfirm What You See) is. Also, the Advcash end users have the opportunity to choose one of three types of 2FA tokens: hardware OTP tokens, 2FA apps, or 2FA chatbots Protectimus Bot in Telegram, Viber, Facebook Messenger.

To provide an extra layer of protection against phishing and data spoofing

The Protectimus CWYS (Confirm What You See) function is a powerful protection tool against phishing, data spoofing, man-in-the-middle attacks, and similar hacking techniques. When the Protectimus CWYS function is activated, the unique data of the user transactions (the amount, currency, recipient data, etc.) are used as variables for the one-time password generation. Such one-time passwords are valid only for the transactions that the users make. Even if the OTP password is intercepted, it will not work to sign any other transaction.

To provide a choice of different types of 2FA tokens for Advcash end users

The Protectimus two-factor authentication (2FA) system works with different types of OTP tokens: SMS, email, the free 2FA authenticator Protectimus Smart OTP, other 2FA apps, programmable and classic hardware 2FA tokens, and chatbots in instant messengers. The Advcash payment system allows the end users to choose one of three types of OTP tokens: a 2FA application Protectimus Smart OTP, a hardware OTP token Protectimus Two, or the delivery of one-time passwords via chatbots in Telegram, Viber, or Facebook Messenger.

To add the Protectimus Two hardware token, the Advacsh user must order it from their account in the payment system and pay it additionally.

To organize targeted delivery of hardware 2FA tokens to end users of the payment system

Protectimus tries to take into account all the requirements of our customers and implement them into life, if possible. One of the unique services that we provide specifically for the Advcash payment system is the targeted delivery of hardware tokens to the Advcash end users directly from the Protectimus logistics warehouses.

To find a way to deliver one-time passwords that will be as convenient for the end user as SMS, but at the same time more secure and less expensive

Many payment systems, crypto exchanges, and banks use SMS authentication. But this method of two-factor authentication (2FA) is not the best in terms of security because of the risks of message interception and SIM-swapping attacks. In addition, you need to pay extra to the mobile operator for each SMS message.

The Advcash payment system spent a lot of money on SMS messages monthly, delivering notifications and OTP password. Our task was to find a more cost effective and secure way to send one-time passwords to the end users.

The solution was found – we implemented 2FA chatbots Protectimus Bot in Viber, Telegram, and Facebook Messenger messengers. Now Andcash is using them to send one-time passwords and other important notifications to their end users. Over time, the list of messengers will expand.

Protectimus Service

The MFA server is already installed and configured in the Protectimus cloud. The customer does not need to spend time and money to create their own infrastructure.

Protectimus CWYS

One-time passwords are created using the user’s unique transaction data as variables, which enhances protection against phishing and data spoofing.

Protectimus
Bot

Free delivery of one-time passwords and any other notifications via chatbots in instant messengers Telegram, Viber, or Facebook Messenger.

Protectimus Smart OTP

Free two-factor authentication application (2FA authenticator) for generating HOTP, TOTP, and OCRA OTP passwords. Available for Android and iOS smartphones.

Protectimus
Two

Hardware 2FA tokens with pre-inatalled secret keys. The secret key cannot be reprogrammed in this OTP token. Waterproof, shockproof, and dust protected.