Stay informed about the latest updates on pan-European regulations and laws and their impact on digital trust service provider
Working with a signature platform TSP and PaaS provider offers many benefits, including improving the quality, efficiency, and security of their signature solutions, increasing the confidence of...
In the case of electronic signatures, an integrated solution can help solve these problems by digitizing process gaps and speeding up and simplifying document processing.
Electronic signatures are an essential part of the digital transformation for the fintech and banking industry. Electronic signatures can help improve the efficiency and accuracy of processes such as...
A TSP for SaaS providers offers many benefits, including improving the quality, efficiency, and security of their signature solutions, increasing the trust of their customers, and reducing risks.
The technical integration of trust solutions in a signature platform offers cloud providers many advantages, e.g. scaliability, latest security standards or standardized APIs.
Enterprises and ERP providers face complex technical challenges, such as company size or internationalization, when implementing e-signature solutions and integrating a TSPs.
Financial service providers can boost conversion rates by seamlessly integrating trust solutions and efficiently navigating compliance requirements.
The technical integration of TSP's digital identity and e-signature solutions enables SaaS and PaaS providers to comply with the latest security and interface standards.
Discover future-proof technological solutions and innovations for your business success.
In our Help Center, you will find the answers to our frequently asked questions.
This section will offer exciting interviews and discussions from various sectors, such as finance, HR, and health. Our experts describe the current challenges in their fields, provide compelling...
Our customers and partners have successfully streamlined their processes and digitized the final step to legally valid contract conclusion. Find out how they benefit from our digital identity, secure...
Learn what an electronic signature is
What types of electronic signatures there are
How to sign a document electronically
The embedded e-signing platform Smart Registration und Signing Service provides qualified and advanced electronic signatures for the EU jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service offer a combined solution of identification and one-time e-signatur for KYC-processes in the European jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service provides qualified and advanced electronic signatures for the Swiss jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service offer a combined solution of identification and one-time e-signatur for KYC-processes in Swiss jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service offer identification via valid Swiss mobile number and advanced electronic signtuare in Switzerland
Learn what an electronic seal is here
What types of electronic seals there are
How a company successfully seals electronically
The embedded e-sealing software Smart Registration and Signing Service provides regulated electronic seal for Swiss public authorities in accordance with ZertES and TAV.
The reptetive e-sealing solution Smart Registration and Signing Service provides regulated and advanced electronic seals for organizations in the Swiss jurisdiction
The embedded e-sealing solution Smart Registration and Signing Service provides qualified and advanced electronic seals for organizations in the European jurisdiction.
Learn what an online identity check is
What current identification methods are available on the market
What the areas of application and advantages of online identification are
The embedded e-signature platform Smart Registration and Signing Service offers a wide range of identification methods to register for eIDAS-compliant e-signatures.
The embedded e-signature platform Smart Registration and Signing Service offers a wide range of identification methods to register for ZertES-compliant e-signatures.
Simple and intuitive Face-2-Face identification hub solution for businesses to register people for electronic signature.
Learn what two-factor authentication is
Why it takes an authentication solution for the electronic signature
The embedded e-signature platform Smart Registration and Signing Service provides a diverse array of authentication methods for approving electronic signatures.
Explore our range of e-signature and e-seal service packages for partners, SMEs, and enterprises. Choose from various packages tailored to your needs.
Here are the frequently asked questions about our products and services.
On our Dev Hub, you will find all the essential information about using the interfaces provided by Swisscom.
Our GitHub page contains Postman examples and four Java/C#-based clients for the signature service that use the iText/PDF Box libraries and the signature service wiki.
In our repository, you will find the documentation on Swisscom CA and PKI, our CP/CPS, and terms of use.
Here you will find a selection of PDF Library providers that support the interfaces provided by Swisscom.
You can inform Swisscom about potential security vulnerabilities here.
You are welcome to contact us via the support page.
Please visit our Help Center.If you can't find an answer to your question, please don't hesitate to contact our support team.
Our products are integrated into ready-made digital customer solutions, enabling processes without media discontinuity. Here is an overview of our solution partners.
Discover how customers are benefiting from our digital identity, secure authentication, and e-signature solutions and services. Our customers are active in various industries
Our partner log-in area is aimed at our solution partners.Are you still waiting for a partner log-in? Get in touch.
Swisscom Trust Services is a leading provider of trust services and provides qualified electronic signatures in the legal areas of the EU and Switzerland.
We are a team of more than 30 experts providing innovative, complete, compliant, and easy-to-integrate identity-based and electronic signature services.
The European Signature Dialogue is an association of the most important European providers of electronic signatures.
Today, the registered association Bitkom represents more than 2,000 member companies - including around 1,000 high-performing SMEs, over 500 innovative tech start-ups, almost half of the 40 DAX...
With around 1,000 member companies, eco is Europe's largest Internet industry association. Since 1995, eco has been instrumental in shaping the internet, promoting new technologies, creating...
The Competence Center for Applied Security Technology, CAST e.V. offers a wide range of services in the security of modern information technologies. It is the contact for IT security issues.
The Bundesverband IT-Sicherheit e.V. (TeleTrusT) is a competence network comprising domestic and foreign members from industry, administration, consulting and science, and thematically related...
We seek experts with an exciting track record who want to contribute to our growth.
In this section, you will find our press contact, the latest press releases, company information, and media content for download.
Stay informed about the latest updates on pan-European regulations and laws and their impact on digital trust service provider
Working with a signature platform TSP and PaaS provider offers many benefits, including improving the quality, efficiency, and security of their signature solutions, increasing the confidence of...
In the case of electronic signatures, an integrated solution can help solve these problems by digitizing process gaps and speeding up and simplifying document processing.
Electronic signatures are an essential part of the digital transformation for the fintech and banking industry. Electronic signatures can help improve the efficiency and accuracy of processes such as...
A TSP for SaaS providers offers many benefits, including improving the quality, efficiency, and security of their signature solutions, increasing the trust of their customers, and reducing risks.
The technical integration of trust solutions in a signature platform offers cloud providers many advantages, e.g. scaliability, latest security standards or standardized APIs.
Enterprises and ERP providers face complex technical challenges, such as company size or internationalization, when implementing e-signature solutions and integrating a TSPs.
Financial service providers can boost conversion rates by seamlessly integrating trust solutions and efficiently navigating compliance requirements.
The technical integration of TSP's digital identity and e-signature solutions enables SaaS and PaaS providers to comply with the latest security and interface standards.
Discover future-proof technological solutions and innovations for your business success.
In our Help Center, you will find the answers to our frequently asked questions.
This section will offer exciting interviews and discussions from various sectors, such as finance, HR, and health. Our experts describe the current challenges in their fields, provide compelling...
Our customers and partners have successfully streamlined their processes and digitized the final step to legally valid contract conclusion. Find out how they benefit from our digital identity, secure...
Learn what an electronic signature is
What types of electronic signatures there are
How to sign a document electronically
The embedded e-signing platform Smart Registration und Signing Service provides qualified and advanced electronic signatures for the EU jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service offer a combined solution of identification and one-time e-signatur for KYC-processes in the European jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service provides qualified and advanced electronic signatures for the Swiss jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service offer a combined solution of identification and one-time e-signatur for KYC-processes in Swiss jurisdiction.
The embedded e-signing platform Smart Registration and Signing Service offer identification via valid Swiss mobile number and advanced electronic signtuare in Switzerland
Learn what an electronic seal is here
What types of electronic seals there are
How a company successfully seals electronically
The embedded e-sealing software Smart Registration and Signing Service provides regulated electronic seal for Swiss public authorities in accordance with ZertES and TAV.
The reptetive e-sealing solution Smart Registration and Signing Service provides regulated and advanced electronic seals for organizations in the Swiss jurisdiction
The embedded e-sealing solution Smart Registration and Signing Service provides qualified and advanced electronic seals for organizations in the European jurisdiction.
Learn what an online identity check is
What current identification methods are available on the market
What the areas of application and advantages of online identification are
The embedded e-signature platform Smart Registration and Signing Service offers a wide range of identification methods to register for eIDAS-compliant e-signatures.
The embedded e-signature platform Smart Registration and Signing Service offers a wide range of identification methods to register for ZertES-compliant e-signatures.
Simple and intuitive Face-2-Face identification hub solution for businesses to register people for electronic signature.
Learn what two-factor authentication is
Why it takes an authentication solution for the electronic signature
The embedded e-signature platform Smart Registration and Signing Service provides a diverse array of authentication methods for approving electronic signatures.
Explore our range of e-signature and e-seal service packages for partners, SMEs, and enterprises. Choose from various packages tailored to your needs.
Here are the frequently asked questions about our products and services.
On our Dev Hub, you will find all the essential information about using the interfaces provided by Swisscom.
Our GitHub page contains Postman examples and four Java/C#-based clients for the signature service that use the iText/PDF Box libraries and the signature service wiki.
In our repository, you will find the documentation on Swisscom CA and PKI, our CP/CPS, and terms of use.
Here you will find a selection of PDF Library providers that support the interfaces provided by Swisscom.
You can inform Swisscom about potential security vulnerabilities here.
You are welcome to contact us via the support page.
Please visit our Help Center.If you can't find an answer to your question, please don't hesitate to contact our support team.
Our products are integrated into ready-made digital customer solutions, enabling processes without media discontinuity. Here is an overview of our solution partners.
Discover how customers are benefiting from our digital identity, secure authentication, and e-signature solutions and services. Our customers are active in various industries
Our partner log-in area is aimed at our solution partners.Are you still waiting for a partner log-in? Get in touch.
Swisscom Trust Services is a leading provider of trust services and provides qualified electronic signatures in the legal areas of the EU and Switzerland.
We are a team of more than 30 experts providing innovative, complete, compliant, and easy-to-integrate identity-based and electronic signature services.
The European Signature Dialogue is an association of the most important European providers of electronic signatures.
Today, the registered association Bitkom represents more than 2,000 member companies - including around 1,000 high-performing SMEs, over 500 innovative tech start-ups, almost half of the 40 DAX...
With around 1,000 member companies, eco is Europe's largest Internet industry association. Since 1995, eco has been instrumental in shaping the internet, promoting new technologies, creating...
The Competence Center for Applied Security Technology, CAST e.V. offers a wide range of services in the security of modern information technologies. It is the contact for IT security issues.
The Bundesverband IT-Sicherheit e.V. (TeleTrusT) is a competence network comprising domestic and foreign members from industry, administration, consulting and science, and thematically related...
We seek experts with an exciting track record who want to contribute to our growth.
In this section, you will find our press contact, the latest press releases, company information, and media content for download.
As the leading financial institution in Eastern Switzerland, St.Galler Kantonalbank (SGKB) has offered comprehensive financial services to private and business customers for over 150 years. It employs 1,200 people at its headquarters in St. Gallen and the additional 38 branches. About 300 bank employees and about 100 external employees regularly need to access the bank’s applications outside the office. These include cross-border commuters in Austria and Germany and system administrators, some of whom need access to applications from abroad.
Guido Kölliker has been Chief Information Security Officer at SGKB since 1st July 2017 and, in this role, is responsible for the bank’s information security. One of the first challenges as CISO was to improve the security of 2-factor authentication of remote access and more robust control of regional access from abroad. Until then, employees who wanted to log in while on the road did so with an RSA token or SMS as a second factor in addition to the password. The physical token generated a six-digit security code that the user had to enter to log in. The same procedure happened when the SMS generated a four-digit code.
However, the RSA token was unpopular with managers and staff for several reasons. For one, employees had to carry an additional device to access applications. Secondly, the IP-based geo-fencing function was easily bypassed by VPNs and thus did not provide the necessary level of security for access from abroad. Therefore, as an alternative, authentication via SMS was tested as a second factor to replace the additional device and to include the employees’ devices (smartphones).
“As soon as an employee forgot his RSA token at home, he could not work,” Kölliker recalls. “That’s why I was looking for a solution that included the employees’ smartphones. After all, you always pack your smartphone with you. Through SMS, we established the employees’ devices as a second factor, but this method did not offer the desired level of security, as it had been proven to be able to be leveraged in the past.”
Therefore, the new solution had to offer a high level of security, usability, and greater control over foreign access in equal measure. The search for the appropriate technology initially proved challenging. An app-based solution that used background noise for verification was ruled out because the required microphones on the user’s private computer would have caused additional costs. Device-based solutions that used a smart card as a second factor, for example, were also unsuitable because they entailed the same problems as the RSA token and involved much administration.
During the search, Kölliker also conversed with Swisscom, with whom SGKB worked successfully for years. On the one hand, Swisscom operates SGKB’s ICT infrastructure and workplaces; on the other hand, the employees’ workplaces were migrated to Windows 10 at that time and are currently renewing the infrastructure with desktops, laptops, and thin clients. For some time, there had been discussions about the possibility of implementing a robust 2-factor authentication and the renewal of the workplace. However, this was postponed to a later date due to scheduling dependencies.
With Mobile ID, Swisscom offered a solution that met all SGKB’s requirements. It enables in-house remote access control by allowing access authorizations from different countries to be granted and revoked temporarily by the bank’s employees via white/blacklisting. Another significant advance is that verification is not IP-based but occurs via the mobile network. “Trying to fake a different location here would require a high degree of criminal energy, as the location is determined based on the radio tower and the provider of the respective country. This is much more difficult to circumvent,” says Guido Kölliker satisfactorily.
Furthermore, Mobile ID works independently of the terminal device and can be used on the employees’ smartphones without an additional app, significantly reducing costs and administration efforts. When logging in, the user enters their data, receives a notification on the smartphone (regardless of whether it is switched on or off), and confirms the log-in via Mobile ID with a six-digit PIN set individually in advance and can be changed at any time.
The transition to Mobile ID began in September 2018 and went off without any issues, although a few obstacles still arose during the implementation process.
“The requirements for the solution were unique in that SGKB wanted to run the administration of geofencing itself, but the infrastructure was running on Swisscom’s Citrix platform. We haven’t had a situation like this in the past,” comments Swisscom. “We had to make sure that Mobile ID was compatible with the Citrix environment and that the changes from Active Directory were smoothly adopted in the backend of Mobile ID. We had to incorporate these changes on the fly, but we did well within the schedule. In the end, the project was completed as planned."
As part of the transition, the 300 employees and 100 externals who needed to access the banking application while on the road received new Mobile ID-enabled SIM cards for their devices linked to their bank user account. Those who were not customers of Swisscom or Mobile ID partner providers were given an extra SIM card to log in.
Since April 2019, employees have exclusively used Mobile ID as a second factor for logging in while on the move. Guido Kölliker expresses his satisfaction with the changeover: “It was essential to me that the control of foreign access is in our hands and that the employees also follow the path. Otherwise, it would not have worked. That’s why I’m thrilled that we found a solution that was very positively received by the staff and simultaneously offers the security necessary in the banking environment.”
After the successful introduction of Mobile ID for remote employees, Guido Kölliker would like to introduce this form of 2-factor authentication across the board for all office employees by the end of 2019 to strengthen the general security in the bank. He also receives internal support from the HR department, which wants to integrate personal smartphones more strongly into everyday working life to better record working hours, for example. He, therefore, draws a thoroughly positive interim conclusion:
“With Mobile ID, we have shown that bring-your-own-device concepts can also work well in the banking environment without compromising security. In addition, we have laid an important foundation for further digital progress, and, in the future, we will be able to conveniently process qualified electronic signatures or declarations of intent via the smartphone, which in turn will be more convenient for customers."
10.12.2024
Read more
03.12.2024
Read more
27.11.2024
Read more
08.11.2024
Read more