Advcash is a popular payment system for convenient international payments and transactions with cryptocurrencies. Millions of people around the world use the Advcash payment system services daily.
Advcash has been cooperating with Protectimus since 2015, and we are extremely pleased with the results of this cooperation. Over the past years, we’ve had only positive cases of working together. Protectimus helped us at every stage, from integration to adding additional features that solved our specific tasks. For example, when we decided to abandon SMS as the two-factor authentication method, Protectimus suggested using chatbots in instant messengers to deliver one-time passwords, which is much easier, cheaper, and safer than SMS. For the entire period of using Protectimus 2FA, we have received service in the 24/7 format without any breakdowns or other issues, and the Protectimus support services are beyond praise. Using Protectimus, we are confident that Advcash infrastructure and users are well protected. Protectimus gives us what money can’t buy – not a sense of security, but REAL security. I highly recommend it for implementation.
Artem Sh., Information Security Director at Advcash
Key tasks for implementing 2FA for Advcash
The administrators of the Advcash payment system set the following tasks for the two-factor authentication (2FA) provider:
- To protect the accounts of Advcash employees with 2FA.
- To protect the accounts of end users of the Advcash payment system with 2FA.
- To add an additional layer of protection against phishing and data spoofing.
- To provide a choice of different types of 2FA tokens for Advcash payment system end users.
- To organize targeted delivery of hardware 2FA tokens to the end users of the payment system.
- To find a way to deliver one-time passwords to the Advcash end users that will be as convenient as SMS, but at the same time more secure and less expensive.
The following Protectimus 2FA products and features were chosen to solve the above-mentioned tasks:
- Protectimus Cloud Two-Factor Authentication (2FA) Service;
- User group functionality, implemented using Resources;
- Geographic filters;
- IP filtering function;
- CWYS (Confirm What You See) data signing function;
- Classic hardware 2FA tokens Protectimus Two;
- Application for generating one-time passwords Protectimus Smart OTP (iOS and Android);
- Delivery of one-time passwords via Protectimus Bot chatbots in Telegram, Facebook Messenger, and Viber.
Challenges and Solutions
To perform the integration using API
The functionality of integration with Protectimus two-factor authentication (2FA) service via API is available even for the free service plan. API integration documentation is publicly available on the Protectimus website. The Protectimus team is also ready to connect with the customer to help with the integration remotely, if necessary.
To set different two-factor authentication (2FA) rules for the Advcash employees’ accounts and payment system end users’ accounts
The Protectimus two-factor authentication (2FA) service allows dividing users into groups using Resources. Advcash administrators have created two 2FA Resources – one for the end users and another for company employees. These Resources have different security rules.
For example, geographic filters and IP filtering are activated for the Advcash employees. Besides, they can use only hardware 2FA tokens.
At the same time, filters are not activated for the Advcash end users, but the data signing function CWYS (Confirm What You See) is. Also, the Advcash end users can choose one of three types of 2FA tokens: hardware OTP tokens, 2FA apps, or the Protectimus Bot 2FA chatbots in Telegram, Viber, and Facebook Messenger.
To provide an extra layer of protection against phishing and data spoofing
The Protectimus CWYS (Confirm What You See) function is a powerful protection tool against phishing, data spoofing, man-in-the-middle attacks, and similar hacking techniques. When the Protectimus CWYS function is activated, the unique data of the user's transaction (the amount, currency, recipient data, etc.) are used as variables for the one-time password generation. Such a one-time password is valid only for the transaction that the user is making. Even if the one-time password is intercepted, it cannot be used to sign any other transaction.
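The transaction-binding idea described above, sketched as an added example; this is not Protectimus code and not the CWYS algorithm or API. The field set, the length-prefixed serialization, the counter, the sample values and the use of HMAC-SHA-256 with HOTP-style truncation are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo secret; a real token secret is provisioned per user.
SECRET = b"constructed-demo-secret-0001"


def canonical_tx(amount: str, currency: str, recipient: str) -> bytes:
    """Serialize the fields the user sees into one unambiguous byte string."""
    out = b""
    for field in (amount, currency.upper(), recipient):
        raw = field.encode("utf-8")
        # Length prefix: ("10", "0USD") and ("100", "USD") must not collide.
        out += struct.pack(">H", len(raw)) + raw
    return out


def tx_otp(secret: bytes, counter: int, tx: bytes, digits: int = 8) -> str:
    """OTP over counter plus transaction digest (HOTP-style truncation)."""
    msg = struct.pack(">Q", counter) + hashlib.sha256(tx).digest()
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(secret: bytes, counter: int, tx: bytes, submitted: str) -> bool:
    """Server side: recompute over the transaction it is about to execute."""
    return hmac.compare_digest(tx_otp(secret, counter, tx), submitted)


def demo() -> dict:
    # Constructed sample transactions; the recipient IDs are made up.
    shown = canonical_tx("250.00", "usd", "U123456789")    # confirmed by user
    swapped = canonical_tx("250.00", "usd", "U999999999")  # recipient altered
    otp = tx_otp(SECRET, 7, shown)
    return {
        "same_tx": verify(SECRET, 7, shown, otp),
        "altered_recipient": verify(SECRET, 7, swapped, otp),
        "replayed_next_counter": verify(SECRET, 8, shown, otp),
    }


if __name__ == "__main__":
    print(demo())
```

Because the server recomputes the code over the transaction it is about to execute, a code captured for one payment fails verification once any signed field changes.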
To provide a choice of different types of 2FA tokens for Advcash end users
The Protectimus two-factor authentication (2FA) system works with different types of OTP tokens: SMS, email, the free 2FA authenticator Protectimus Smart OTP, other 2FA apps, programmable and classic hardware 2FA tokens, and chatbots in instant messengers. The Advcash payment system allows the end users to choose one of three types of OTP tokens: a 2FA application Protectimus Smart OTP, a hardware OTP token Protectimus Two, or the delivery of one-time passwords via chatbots in Telegram, Viber, or Facebook Messenger.
To add the Protectimus Two hardware token, the Advcash user must order it from their account in the payment system and pay for it separately.
To organize targeted delivery of hardware 2FA tokens to end users of the payment system
Protectimus tries to take into account all the requirements of our customers and implement them, if possible. One of the unique services that we provide specifically for the Advcash payment system is the targeted delivery of hardware tokens to the Advcash end users directly from the Protectimus logistics warehouses.
To find a way to deliver one-time passwords that will be as convenient for the end user as SMS, but at the same time more secure and less expensive
Many payment systems, crypto exchanges, and banks use SMS authentication. But this method of two-factor authentication (2FA) is not the best in terms of security because of the risks of message interception and SIM-swapping attacks. In addition, you need to pay extra to the mobile operator for each SMS message.
The Advcash payment system spent a lot of money on SMS messages monthly, delivering notifications and one-time passwords. Our task was to find a more cost-effective and secure way to send one-time passwords to the end users.
The solution was to implement the Protectimus Bot 2FA chatbots in Viber, Telegram, and Facebook Messenger. Advcash now uses them to send one-time passwords and other important notifications to its end users. Over time, the list of messengers will expand.