
Multi-Factor Strong Authentication
Passwords are no longer sufficient to fend off hackers. Strong authentication services enable web applications to identify end-users securely. This gives high level assurance and control to every organisation that needs to protect access to its web services.
Strong customer authentication (also known as multi-factor authentication) uses two or more of the following elements:
- knowledge (something only the user knows),
- possession (something only the user has)
- inherence (something the user is)




Does my company need strong authentication?
Yes, if you need to protect access to on-line services and personal data in order to reduce financial and reputational risk
Yes, if you need to comply with:
- Payment Service Directive 2 (PSD2) which requires strong authentication “each time a payer accesses their payment account online, initiates an electronic payment transaction or carries out any action through a remote channel which may imply a risk of payment fraud or other abuse”
- General Data Protection Regulation (GDPR) which requires strong protection of users’ personal data

Government
Access to eGov applications
Declarations and process requests
See, update personal data
Register and subscribe to social services
Benefits and other social welfare
Why us?

- Large choice of eID (electronic identity) devices- Simple user interface supported both by iOS and Android
- Can be easily integrated into legacy application environments (via standard SAML2 protocol).
- No maintenance needed (such as integration of new authentication protocols).
- Delivered from a Tier IV Data Centre in Luxembourg.
- Fully compliant with the latest EU Payment Service Directive (PSD2) requirements, including “Dynamic Linking” security measures.
- Supervised by the CSSF, Luxembourg’s financial sector regulator
- Helpdesk support in 8 languages for the management of certificates with possible revocation 24/7
Finding the right authentication solution for you
LuxTrust’s Strong Customer Authentication services are available through a “Strong Authentication as a Service” platform in SaaS mode. They are delivered via the easily accessible LuxTrust ORELY portal, which is hosted in Tier IV Data Centres in Luxembourg.
Services can be integrated easily into existing Web application environments, using the SAML protocol. LuxTrust can provide sample libraries to accelerate the implementation process.
Your end-users are equipped with LuxTrust electronic identities, also called certificates. Once the authentication portal is integrated with your system, LuxTrust provides users with an authentication device linked to their certificate. This device will give them access to your website through a strong authentication process. Below are the different supports available.

The LuxTrust Mobile App is an application installed on a smartphone or a tablet compatible with iOS and Android. Use App-to-App mode or the device’s camera to scan dynamic QR codes to generate one time password (OTP). LuxTrust mobile application is PSD2- compliant.

The token is an electronic device, the size of a key fob, with a LCD display and one button. The device generates and displays a code for a single use: a one-time password (OTP).

The LuxTrust Scan is an electronic device with an LCD display and an integrated camera. The device is used to scan QR codes to generate a one-time password (OTP). LuxTrust Scan is PSD2- compliant.

The SmartCard is a chip-based device you use in association with a SmartCard reader. It is ideal for professionals.

The LuxTrust Signing Stick is a chip-based USB key. It is ideal for individuals seeking a very high level of security and user-friendliness.