Due to the increasing number of SMS fraud cases specifically against test accounts, we need to improve the regulations to protect these accounts.
Going forward, test accounts will only be issued contractually, including the terms and conditions (T&C) and relevant liability clauses. This also applies to free test accounts.
Standard test accounts for the OASIS interface of the All-in Signing Service (AIS), which all begin with the prefix:
ais-90days-trial….
will generally no longer be able to use one-time password (OTP) procedures via SMS or the password and one-time code procedures via SMS (PWD/OTP) except for the specifically designated test accounts:
ais-90days-trial-OTP:OnDemand-Advanced4
ais-90days-trial-OTP:OnDemand-Advanced4.1-EU
These are used for advanced electronic signatures or procedures with implementation concepts where the signature application specifies the first factor for signature authorization. Seal test accounts have never had the possibility for one-time password authentication.
All other procedures can continue to use Mobile ID and Mobile ID (App). In this context, we would like to emphasize again that we strongly recommend the implementation of the Multiple Authentication Broker (MAB) due to the future viability of the solution. Within the broker solution, numerous other authorization procedures and identification methods can be utilized.
Partners who still need to test the password and one-time code procedure via SMS (PWD/OTP) for their specific customer needs can apply for special private test accounts (separate ClaimedID) through our sales support. A price of 2'000 CHF per year is planned for these private test accounts. The standard test accounts will remain free of charge.