Skip to content

My Evli’s new mobile authentication improves app security and usability

My Evli is swapping its old login code lists for a state-of-the-art, app-based authentication solution. The new solution makes trading and keeping track of your investments both easier and more secure, also on mobile.

Well-implemented authentication is one of the cornerstones of online and mobile services. When authentication is smooth, customers have a lower threshold for using the service, and it is also easier for new users to pick up.

“Evli’s number one job is to fulfill the client’s investment objectives. This is primarily taken care of by the asset manager, but we have now integrated the digital channel better with our personal service”, says Director, Client Experience Jarkko Kuisma of Evli. “Everyone who can use a smartphone understands the new authentication procedure intuitively.”Before the update, the My Evli mobile app was mostly limited to keeping an eye on your portfolio.

“This application is not a replacement for personal service. Rather, we are now able to offer our clients a digital service to support the work of their personal asset manager, who walks the client through the ins and outs of the new app in a safe environment.”

App-based solution guarantees security

Application-based authentication can be implemented in a device-specific manner that binds it to an individual user. When first logging in, Evli’s client authenticates themselves with Evli’s or their bank’s login codes. After that, users can authenticate themselves and confirm transactions in the application by entering their PIN or using biometric identification.

In web logins, the application-based authentication solution verifies the user’s identity with a QR code.

“We sat down with Evli and discussed how their authentication needed to be implemented from a technical standpoint”, says Qvik CEO Lari Tuominen.

“We helped them develop a mobile solution that works within My Evli and does not bounce the user somewhere else, like their online bank, for authentication. We built the authentication around Signicat’s MobileID, which offers the simplest and quickest user path available.”

After the first login users can authenticate and confirm purchases in app using biometric authentication or PIN code.

Signicat MobileID is one of the most secure solutions on the market, offering audited, bank-grade security. Saving data in the application, data communications and even the physical device are secure, as the solution is able to identify devices that have been tampered with. MobileID helps companies move from passwords to more secure login methods and offers a first-grade user experience to customers.

“A service like My Evli wants to be a hundred percent sure that the user knows what they are doing and are who they say they are”, Kuisma says.

Image with authentication flow. After the first login, the users can authenticate themselves and confirm transactions in the application by entering their PIN or using biometric identification.

The My Evli team decided to implement native authentication with iOS and Android apps. The advantages of a native solution are convenient updates through the app store, as well as diverse options for using push messages and biometrics.

“Straight talk and just the right amount of sparring” – the choice of supplier is a vital part of every project

Requesting quotations and finding the right partner are important phases in every digital development project. Qvik made an impression by shooting straight, putting itself in Evli’s shoes and looking at the delivery options entirely from Evli’s point of view.

“In-house expertise is vital, and I always want to see Evli’s own team improve and pick up new skills. But the next important thing is having the right partner for your project”, Kuisma says. “Lari gave a really good and relaxed first impression. You can tell pretty quickly if someone knows what they’re talking about or not.”

Evli had two realistic options on the table: build their own authentication solution or choose an off-the-shelf solution from the market.

“Qvik talked straight and gave us just the right amount of sparring”, Kuisma says. “Lari gave us room and time to think, but also told us what he thought and kept the show on the road.”

When the plans had been made and Signicat’s MobileID chosen as the authentication solution, the project started picking up speed. As the last step, the application’s information security was audited by a third party before launch.

“It is my hope and belief that the qvikies also learned something from us, for example about the industry.”

We also improved My Evli’s accessibility – all user segments are now catered for

The My Evli app has a native login implementation, after which the application switches to a website-based solution. Qvik also improved the accessibility of Evli’s digital services based on a comprehensive audit.

The improvements to accessibility have simplified the use of My Evli and clarified its technical structure too.

“The completely new My Evli is an extremely easy-to-use and informative, modern user interface. A huge improvement over what we had”, Kuisma says.