The 6 constraints that banks work under for Secure QR codes

... And how such a solution helps in document security

The IT and software teams in the banking industry worldwide are tasked with a new challenge. With the rampant forgery of bank documents, the industry is looking for easier ways to secure their documents in their transactions with business clients and consumers.

The IT team has to procure or build a solution to generate tamper-proof documents that can be easily validated and maintain authenticity. This is a daunting task since the solution should do document security and integrate with the core banking software, enhancements, and extensions. The solution has to be high availability - there cannot be any downtime with the live systems.

Moreover, while a critical requirement in the bank, writing the code for secure documents is still not considered a core banking function. At Qryptal, as leaders in document security, we have seen a surge in demand from banks from Africa, Asia, and the Middle East for a solution which can help to address this requirement, especially as several banking documents are also exchanged globally.

This is where a Secure QR code solution comes in. All documents can be generated with a secure QR code, making such a document tamper-proof and easily verifiable on demand, irrespective of whether the documents are electronic or physical. Here is a summary of the essential requirements and constraints in deploying such a solution for most banks

Requirements:

In our experience, these are the usual requirements of such a system:

  1. The issuing bank wants to ‘print a secure QR on PDFs’ generated by the core banking system in physical or digital formats (phygital).

  2. These documents are verified or checked by ‘third-party validators’.

  3. In many cases, the banks do not want these ‘external’ verifiers to access databases, servers, or systems for security reasons.

Constraints:

These are the usual ‘constraints’ that they work under

  1. The PDFs must be generated as per standard templates.

  2. The bank’s core banking software must make API calls to generate secure QR or PDF with secure QR.

  3. Different banks have different deployment requirements – some can work in a Cloud environment, while others look for On-premise deployment

  4. There are usually two options they need to consider in the type of QR code generation:

    a. Without URL: For better security and to avoid QR Phishing issues

    b. With URL: can be scanned with any QR App for ease of use but has implications for data capture & leakage depending on the app used

  5. The document may have an expiration date and usually expires in 45-60 days (configurable) and there may also be a need for storage to be cleared automatically at predetermined intervals.

  6. An easy way to verify other than the app - usually a web validation mechanism.

All this can easily be achieved with Qryptal solutions and often within days. Having worked with banks across the globe, Qryptal’s novel architecture provides ALL the above and much more:

Architecture:

Generating and Verifying a QR code

  1. Serverless Architecture: Qryptal QR code solutions are built on a server-less architecture that enables the solution to scale and is virtually maintenance-free. Since there are no servers, once the document is issued - no further infrastructure is required needed to keep it verifiable

  2. 3072-bit Security: Secure QR code solution is based on PKI; with 3072 bit RSA equivalent, it is much more secure than typical internet banking

  3. Off-line Verification: Since the Qryptal QR code is self-contained, no network connectivity is needed to validate the information. Thus, the verification can work anytime and anywhere, including in secure air-gapped environments

  4. Physical-digital: Works for electronic as well as printed documents. This blend of the physical and digital world is where a secure Qryptal QR is generated digitally and can then be placed on both the physical and the electronic versions of the document as required. As a result, both the printed copy and the electronic format of the original document carry the same level of security and can be verified easily.

  5. Privacy: Qryptal helps safeguard and protect the privacy & confidentiality of the customer and institution in an uncomplicated logical manner

Bank account statement with QR Code


You may also like -



Why wait? It is easy to integrate Qryptal
Take the first step today!

Leading organisations and brands rely on Qryptal

We have customers and users in most parts of the world.