Scan and Sign via Secure Channel

  • Published on Jan 16, 2026
  • 2 minute(s) read
Prev Next

The Scan and Sign via Secure Channel feature enables users to sign transactions by scanning a Cronto image or QR code. Users with activated accounts can approve a pending request on the third-party application or web page with their mobile device. The user can approve the request online or in offline mode via one-time password (OTP). This feature is designed to use only the Secure Channel Message function to sign single transactions for a given user account.

Scan and Sign

To scan and sign a transaction

  1. The user taps Scan Code on the Home screen.

  2. The user points and clicks device camera at the Cronto image or QR code from the third-party application or web page.

  3. The user is presented with the details of the transaction for the request approval.

    1. Online approval: the user taps Approve.

    2. Offline approval: the user taps Use one-time password.

  4. Complete the action:

    1. Online approval on protected app: the user must authenticate. In that case, the user is required to confirm their identity either by PIN or biometric authentication to continue the approval process. The user taps Done to complete the transaction. (See screenshot below, Approve request with biometrics or PIN.)

    2. Online approval, the app is not protected: the user receives a confirmation screen and can tap Done.

    3. Offline approval on protected app: the user must authenticate either with PIN or biometrics. After successful authentication, the app presents the OTP needed to sign the transaction. The user enters the OTP into the third-party application or webpage, and taps Done.

    4. Offline approval, the app is not protected: the user receives an OTP to sign the transaction in the third-party application or webpage, and taps Done.

  5. After the transaction is approved, the user is returned to the Home screen.

Additionally:

  • If the user does not want to approve the transaction, they can tap Cancel to exit the approval process.

Scan and Sign/Scan and Login via DIGIPASS Gateway

Scan and Sign and Scan and Login flows can also be handled via DIGIPASS Gateway where the flow is initiated in a web application and validated by the mobile application.

Scan and Sign/Scan and Login workflow with DIGIPASS Gateway

  1. The user initiates the flow in the web application, e.g., a banking website, where the Cronto image is generated.

    The necessary data to start the flow is transferred through the image.

  2. The user scans the code in the application to view the details.

  3. The user taps Approve or Deny.

  4. The mobile application and the web page both display the result of the operation.