Banking without PINs and TANs

Banking without PINs and TANs thanks to indirect biometrics

Your own fingerprints, face, or the sound of your voice have always been characteristics of your unique identity. Thanks to AUT (CORONIC Authentication Technology), these biometric characteristics can be used for banking – in a browser, app or PC client. The biometric criteria will only be processed indirectly. They do not leave the end client’s smartphone and can therefore be used for authentication and authorization processes in line with BaFin and PSD2. The knowledge and possession factors can be swapped for various biometric characteristics in the banking process. Logins and transfers can be made without PINs, TANs and – if you want – without a chip card.

AUT – Product details re. biometrics banking

Easy integration

Easy integration into the existing product environment on the bank's and client's side. AUT Lib for integration into the existing banking clients and apps. AUT server as an ID broker in one's own CAS with a direct interface in the existing banking system.

Connection to the CAS system

The AUT server has an interface with the central authorization systems of European banks (CAS). Support is possible for internal bank interfaces, as well as Access to Account (XS2A).

Modern & modular

The AUT products are characterized by their modern, modular and scalable architecture. They are easy to adapt to one's own interfaces and requirements. The AUT Lib is available for iOS and Android. The server components can run in any data center as a JEE web application.

Fraud Protection

AUT provides data to fight fraud. Failed attempts, the number of repetitions, and unusual speed of use are monitored, and the data is transmitted to the banking system.

In line with applicable regulations

The regulations permit banks to use their clients' biometric data for authentication processes. This happens by means of indirect biometrics on users' smartphones. The biometric characteristics are related to the device, client and account in an encrypted format. All AUT processes are in line with the regulations.

Secure and hardened

The AUT components consist of hardened software. CORONIC has been hardening software products for over ten years for transactions in online payment and banking processes. Over 200 banks in Germany and Switzerland use hardened CORONIC products.

Data protection

All IT components related to the users are run exclusively on and via German servers, or directly in the respective banks' servers. The biometric data of the clients do not leave their smartphones – they are only tested indirectly and locally.

Selection of ID functions

The AUT Lib can bundle several ID functions. This means that the bank client can choose whether he/she wants TouchID, FaceID, hardware integration, PIN-TAN, tokens or passwords for his/her authentication.


AUT - Advantages of biometrics banking

Improving usability

For many years now, we have been dealing with complicated banking and transfer processes. If a client wants to make a transfer, he/she receives a TAN, has to type it in and then confirm it all again. The use of additional hardware makes the process more secure but no easier. Fingerprint and facial recognition are well-known, fast and approved authentication systems. They can complete complex banking processes, speed them up and even replace whole segments thereof. With biometrics, everything is more fluid, easier, faster and cheaper.

Transfers without TANs

For transfers too, just as with logins, a second factor is required – but this time, in a separate app. This means that two different applications must be used (usually a banking app and a push app). These cannot communicate with each other, so a TAN from the first app is used to identify the user in the second. If the AUT Lib is integrated into the existing push app, then the latter can use the biometric characteristic as the second factor for the transfer authorization – with a simple fingerprint.

PSD2 implementation

The European Union's Payment Services Directive 2 (PSD2) allows biometric factors to be used for authentication and authorization processes in banking. Biometric processes are much easier to use than the traditional PIN/TAN and chip card processes. The client can log in with his/her fingerprint or make a transfer by using facial recognition. Both are easy and secure. Moreover, the technical processes applied by AUT products are in line with the applicable regulatory provisions of Germany's supervisory authority for financial services.

Bank login without using TANs

PSD2 stipulates the use of a second factor for access to balances. Usually, this involves copying a TAN. A hardware-installed banking app with indirect biometrics can fully replace the TAN system. The integration of biometric functions into the existing banking app and system is very easy, thanks to the AUT Lib and the lightweight AUT server WAR file. The library takes over the hardware connection and the secure, encrypted inclusion of biometric characteristics on the smartphone. This means that the second factor can then consist of biometrics and hardware integration instead of a TAN for the login process – without any push app.

Save costs with the OneID app

Online banking costs are high due to bank chip cards with TAN applications, TAN generators and photo or QR readers. However it is done, the end client needs to use expensive and complicated hardware components, as well as cumbersome processes such as PINs and TANs – with which it is easy to make a mistake. A central ID app with biometric authorization processes is only software, however. It can be used for all banking and login processes and offers interfaces with the central authorization systems and bank systems. This central ID and authentication solution can be applied to all client products and banking processes. The login and transfer processes needn't be integrated several times into every client and app. Instead, they are automatically and centrally available for all bank applications.

Browser banking without PINs and TANs

Browser banking on smartphones or desktops was the most user-friendly form of online banking for years. Nowadays, however, to look at one's balance, a TAN needs to be entered. This is not the case if one uses a (hardened) bank browser. Thanks to the hardware connection or the use of biometric sensors (on the laptop, tablet computer or external smartphone), users can proceed to uncomplicated, user-friendly two-factor authentication.


Due to its highly innovative nature, the PROTECT security technology has been granted the support of the WTSH (Body for Economic Development and Technology Transfer) by means of funds from the federal state of Schleswig-Holstein.


The CORONIC ID App can authenticate everyone

“Who am I?” That is the question! Philosophers could hardly answer it – but now there is an answer in the case of online payment transactions: legal regulations such as the Payment Services Directive 2 (PSD2) have set forth what biometric characteristics are and who can use them, in order to do online banking, for instance. One can be authenticated through facial recognition, voice recognition, a fingerprint, a proven piece of hardware or even with a password or PIN. Unfortunately, banks and financial service providers have their own ideas as to how these biometric characteristics should be applied to their online transactions. With the CORONIC ID App, everything is easier: traditional processes such as the use of PINs, TANs, passwords, cards and signatures can be integrated, as well as push messages or real biometric authentication characteristics. An ID app as universal proof of identity for all payment processes and logins – everywhere, anytime.