Scan and sign is a signature validation process in which the user is presented with a Cronto image, scans that image and completes the signature validation on their mobile device. It requires Mobile Authenticator Studio 5.
The typical scan and sign authentication process is as follows:
- The user initiates a transaction data signing process in the business application, e.g. a banking website.
- The business application requests a request message from OneSpan Authentication Server to initiate a signature validation transaction and receives a request key in return.
- The business application generates a Cronto image based on the request key.
- The business application sends a scan and sign validation transaction request to OneSpan Authentication Server with the user ID and the request key.
  OneSpan Authentication Server blocks and waits until the request is either approved or canceled by the end user, but at the most until the signature validation timeout, as configured in the policy settings, expires.
- On the mobile device, the user scans the Cronto image.
- On the mobile device, the Mobile Authenticator Studio app retrieves the prepared signature request (via DIGIPASS Gateway) and displays it for the user to verify.
- On the mobile device, the user either confirms the transaction or cancels it. The Mobile Authenticator Studio app calls the corresponding response action (via DIGIPASS Gateway).
- OneSpan Authentication Server resumes the initial blocking transaction and returns the result to the business application.
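The flow above as a runnable simulation, added here and not OneSpan's own code: a hypothetical in-process stand-in for the server (`AuthServerSim`) in which the business application blocks in `validate()` while the mobile side approves, cancels or does nothing until the policy timeout expires. The class and method names, the request-key format and the user-binding checks in `fetch_request()` and `respond()` are assumptions, not the product's API.

```python
import threading
import uuid

class AuthServerSim:
    """Hypothetical stand-in for the server side of scan and sign; not OneSpan's API."""
    def __init__(self, signature_timeout_s: float):
        self.timeout = signature_timeout_s  # the policy's signature validation timeout
        self._pending, self._lock = {}, threading.Lock()

    def create_request(self, transaction_data: str) -> str:  # step 2: issue a request key
        key = uuid.uuid4().hex  # assumed key format; the business app renders it as the Cronto image
        with self._lock:
            self._pending[key] = {"data": transaction_data, "user_id": None, "result": None,
                                  "bound": threading.Event(), "done": threading.Event()}
        return key

    def validate(self, user_id: str, request_key: str) -> str:
        """Steps 4-5: bind the key to the user, then block until approve, cancel or timeout."""
        with self._lock:
            tx = self._pending.get(request_key)
            if tx is None:
                return "UNKNOWN_REQUEST"
            tx["user_id"] = user_id
        tx["bound"].set()
        result = tx["result"] if tx["done"].wait(self.timeout) else "TIMEOUT"
        with self._lock:
            self._pending.pop(request_key, None)  # the key is consumed whatever the outcome
        return result

    def fetch_request(self, user_id, request_key):  # step 7: app retrieves the prepared request
        with self._lock:
            tx = self._pending.get(request_key)
        return tx["data"] if tx and tx["user_id"] == user_id else None

    def respond(self, user_id, request_key, approved: bool) -> bool:  # step 8: approve/cancel
        with self._lock:
            tx = self._pending.get(request_key)
            if not tx or tx["user_id"] != user_id:
                return False  # unknown or expired key, or not the user the transaction is bound to
            tx["result"] = "APPROVED" if approved else "CANCELED"
            tx["done"].set()  # wakes the blocked validate() call
        return True

def run_flow(server: AuthServerSim, user_id: str, data: str, mobile_action: str) -> str:
    """Drive both sides: the business app blocks in validate() while the mobile side acts."""
    key = server.create_request(data)  # steps 2-3 (the Cronto image would carry this key)
    outcome = []
    t = threading.Thread(target=lambda: outcome.append(server.validate(user_id, key)))
    t.start()  # step 4: validation request with user ID and request key
    server._pending[key]["bound"].wait()  # step 6: the user scans once the request is pending
    if mobile_action in ("approve", "cancel") and server.fetch_request(user_id, key) == data:
        server.respond(user_id, key, approved=(mobile_action == "approve"))  # steps 7-8
    t.join()  # step 9: the server resumes and hands the result back
    return outcome[0]
```

Run `run_flow(AuthServerSim(30.0), "alice", "constructed transfer text", "approve")` to see the approved path; pass `"ignore"` with a short timeout to see the blocking call expire.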