Security with iMobile
The major features are as follows:
Different Channel Registration
The mobile number registration is carried out at the branch and ATM. In addition to this, the payee and biller registration on a customer's account is done via Internet Banking. This way the security of mobile channel is upheld by allowing registration activities through different channels that have their own authentication mechanisms.
|Level 1: Registration process|
The mobile banking services are provided only to the customers who have specifically opted for the same and registered as described above.
|Level 2: Activation process|
Customer has to activate the iMobile client application using a second-factor authentication (2FA) mechanism. (Enter digits of Debit / Grid card number - these 3 digits are randomly generated at the time of activation). This ensures that only the rightful owner of the account who has the Debit card of ICICI Bank can activate iMobile on his phone.
|Level 3: User-generated PIN|
Customer is also required to create a 4-digit numeric PIN of his choice to log in. This acts as a verification mechanism to enter the application. The application gets locked in case of three incorrect PIN entries.
|Level 4: Storage encryption|
All data that is stored on the phone/client is encrypted using strong encryption standards thereby making it secure.
|Level 5: Communication encryption|
The data exchanged between client (i.e. iMobile) and server is encrypted using PKI. End-to-end 128 bit encryption fulfills the confidentiality, integrity and security requirements.
Additionally, all financial activity involving Fund Transfer are verified using the 2FA (Grid card/ Debit card number). Also, for every session between application and the server, a key is exchanged which expires when the session terminates.