EFG Access

Introduction to EFG access

EFG Access allows you to quickly and securely validate payments from your eBanking account in order for them to be executed. The validation and authentication is thereby in line with state-of-the-art security requirements and securely allows clients to validate external payments via the app or using double signature authentication, if required.

Eligible users
EFG Access is aimed at EFG clients with European accounts. The application is in line with the European PSD2 directive, meeting the strong client authentication requirements that take effect on 14 September 2019.

EFG mobile security
Data security is of paramount importance to EFG. We secure all communication means and channels available in our eBanking and mobile banking services in order to effectively ensure the privacy of our clients’ data. Our security strategy is composed of three main elements:

  • Secure login/logout
  • Session duration
  • Data storage

Secure login/logout
EFG has leveraged the proven technology of its eBanking login security to make the login process of its mobile applications just as robust and secure. In line with this, EFG has created the “access” security feature, which can best be described as a key that allows clients to securely open the door behind which the mobile application is secured in order to access it. More precisely, one “access” links one eBanking account with one mobile device and one application. If a user wants to install an EFG Mobile application on two different devices, the user has to create one access on each device. Likewise, if a user has two eBanking accounts which he/she wants to connect with an EFG Mobile application on the same device, the user has to create one access for each eBanking account on this device. The access feature allows EFG to link an eBanking user with a specific device as well as to list the mobile applications this user has installed on the device. This not only secures the login, but in case of loss of the device, EFG’s Support Service can also easily revoke all accesses linked to the device. During the login, EFG uses the secure protocol “https” to send the login credentials to its servers in order to validate the login. EFG also provides a secure logout process, clearing out all the session data from the device. Following the logout, all respective data will only remain available on EFG’s secure servers.

Session duration
EFG’s mobile applications are designed to be as responsive as possible, while always being aligned to the security recommendations concerning the duration of a session.

In line with this, the application will be locked after two minutes of inactivity or when it is sent to the background. When starting the application again, users will be asked to log in again using either their security PIN, the touch ID or the Face ID. Both touch and face ID can be turned on in the “settings” menu of the application.

  • EFG Chat:
    EFG Chat will close the session and the user will be securely logged out after six months of inactivity.
  • EFG Mobile Banking:
    EFG Mobile Banking will close the session and the user will be securely logged out after six months.
  • EFG Access:
    EFG Access will close the session and the user will be securely logged out after six months.

Data storage
As previously mentioned, EFG does not store any application data on the mobile device following the logout. All data, including messages, are securely stored on EFG servers in an encrypted form. All data transfers from EFG servers to the EFG Mobile application take place via secured channels.

Installing EFG access

Step-by-step guide

Please note: It is not recommended to use a public WiFi connection to install and set up the EFG Access application due to potential security risks.

Necessary pre-requisites:

  • Make sure your mobile device is connected to mobile data or a secure WiFi.
  • Make sure your mobile device has an operational camera to scan the QR code.
  • Make sure you are in an environment that allows you to connect to your eBanking using different device than your mobile.

Installation steps:

  1. Install EFG Access from your app store (Apple Store or Google Play).
  2. Once EFG Access has been installed, you need to tap on the icon to launch it.
  3. You can click through the on-boarding pages to see a brief description of what EFG Access offers.
  1. Tap on “Sign In” to start the registration process. Please note that the registration process only has to be done once per eBanking account and device:
  2. Define a 6-digit PIN that will be used to lock/unlock the EFG Access application and to set up the touch ID/Face ID.
  1. If your smartphone has a biometric verification mode (i.e. face recognition, finger print), you can enable it in this step so that the biometric verification will be used instead of the PIN to unlock the application.
  1. In a next step, you are asked to allow the EFG Access application to send you notifications. This is required in case you want the EFG Access application to send you a notification when a new payment needs to be validated.
  1. Next a new access needs to be set up. You can name your access according to your own wishes and edit the default name created by the system.
  1. Once you have given your access a name, you will be asked to scan a QR code from the “Mobile Access Management” application. Prior to scanning this code, you have to give permission to EFG Access to use the camera on your mobile device.
  1. Using a different device than the mobile device on which you want to install EFG Access, please log in to your EFG eBanking and open the “Mobile Access Management” application.
  1. Once you have opened the “Mobile Access Management” application, a QR code will be displayed on the screen. Using your mobile device, please tap on “I’m ready to scan” in the EFG Access application. Please note, that if you have previously already created an access on your mobile device, you need to click on “+ New access” to get a new QR code generated.
  2. Scan the QR code using your mobile device
  1. Once you have successfully scanned the QR code, you can now log in to your EFG Access application using your EFG eBanking credentials and the Entrust token code.

Once you have successfully completed the installation process, you can now start using EFG Access application.

Using EFG Access

Step-by-step guide

Important information
In line with the European Payment Service Directive (PSD2), all European banks are required to secure electronic payments with a strong client authentication. Accordingly, all the electronic payments debited from a European account must follow this directive. This means that all clients making a payment which is debited from a European account must use the EFG Access application to validate this payment. The option to validate the payments using the Entrust token will no longer be available for accounts booked within one of EFG’s European locations.

Main features of EFG Access

  1. Push notifications
    Every time you want to validate a payment to an external recipient using your EFG eBanking, you will automatically receive a respective push notification on your mobile device. You can click on the notification to launch your EFG Access application and validate the payment.
  1. Lifetime
    Once you have released a payment to validation and received the according notification on your mobile device, you have 90 seconds to validate this payment using the EFG Access application. After 90 seconds, the payment(s) will expire and you need to go back to the EFG eBanking Payments application to select and send the payments for validation again.
  1. Checking payments before validation
    Once you have opened your EFG Access application, following the respective push notification, you can see an overview of all the payments that are awaiting validation.

    Each payment (or group of payments) is displayed on one panel. You can navigate between the panels in case there are several payments (or group of payments) that need to be validated by swiping left or right. For a group of payments, you can scroll down the panel to see all the individual payments that are included.

  1. Validate or reject a payment
    Using the EFG Access application, you can now quickly and easily validate or reject the payment(s) with a single tap. Following your validation/rejection of payments, the respective actions will be performed by EFG eBanking. Once you have validated/rejected all outstanding payments, the Validate screen will display empty.