Multi-Factor Strong Authentication

Passwords are no longer sufficient to fend off hackers. Strong authentication services enable web applications to identify end-users securely. This gives high level assurance and control to every organisation that needs to protect access to its web services.

Strong customer authentication (also known as multi-factor authentication) uses two or more of the following elements:

knowledge (something only the user knows),
possession (something only the user has)
inherence (something the user is)

Does my company need strong authentication?

Yes, if you need to protect access to on-line services and personal data in order to reduce financial and reputational risk

Yes, if you need to comply with:

Payment Service Directive 2 (PSD2) which requires strong authentication “each time a payer accesses their payment account online, initiates an electronic payment transaction or carries out any action through a remote channel which may imply a risk of payment fraud or other abuse”
General Data Protection Regulation (GDPR) which requires strong protection of users’ personal data

Banking

Access to Web-banking:

Current and savings account

Financial and bank related communication

Investment account

Payments and transfers

Insurance

Access to online platforms:

Home, Car and Life Insurance

See, update personal data

Secure messaging and communication

Government

Access to eGov applications

Declarations and process requests

See, update personal data

Benefits and other social welfare

Health

Access to eServices

Lab and Test results

Prescriptions of drugs or medical equipment

Historical medical records

Secure messaging and communication

Why us?

Large choice of eID (electronic identity) devices- Simple user interface supported both by iOS and Android
Can be easily integrated into legacy application environments (via standard SAML2 protocol).
No maintenance needed (such as integration of new authentication protocols).
Delivered from a Tier IV Data Centre in Luxembourg.
Fully compliant with the latest EU Payment Service Directive (PSD2) requirements, including “Dynamic Linking” security measures.
Supervised by the CSSF, Luxembourg’s financial sector regulator
Helpdesk support in 8 languages for the management of certificates with possible revocation 24/7

Finding the right authentication solution for you

LuxTrust’s Strong Customer Authentication services are available through a “Strong Authentication as a Service” platform in SaaS mode. They are delivered via the easily accessible LuxTrust ORELY portal, which is hosted in Tier IV Data Centres in Luxembourg.

Services can be integrated easily into existing Web application environments, using the SAML protocol. LuxTrust can provide sample libraries to accelerate the implementation process.

Your end-users are equipped with LuxTrust electronic identities, also called certificates. Once the authentication portal is integrated with your system, LuxTrust provides users with an authentication device linked to their certificate. This device will give them access to your website through a strong authentication process. Below are the different supports available.

MOBILE

The LuxTrust Mobile App is an application installed on a smartphone or a tablet compatible with iOS and Android. Use App-to-App mode or the device’s camera to scan dynamic QR codes to generate one time password (OTP). LuxTrust mobile application is PSD2- compliant.

TOKEN

The token is an electronic device, the size of a key fob, with a LCD display and one button. The device generates and displays a code for a single use: a one-time password (OTP).

SCAN

The LuxTrust Scan is an electronic device with an LCD display and an integrated camera. The device is used to scan QR codes to generate a one-time password (OTP). LuxTrust Scan is PSD2- compliant.

SMARTCARD