As you can see from the diagram below, the Bank Control™ client application running on your device is communicating with the Bank Control Service rather than with banks directly. The Bank Control service works as a proxy transforming data from banks into a protocol used by the client application.

Double Encryption

  • When you register your device with Bank Control service, two pairs of 1024bit encryption keys are generated - one by the device and one by the service. The device and service exchange public keys and use these keys to encrypt sensitive data and to generate digital signatures.
  • The generated security keys are used in addition to standard SSL communication between devices and the service. Some data, such as provider login details or transactions are encrypted using these keys before they even hit the encrypted communication channel.

Provider Registration

  • When you register a new provider you enter user name and passwords you use to login to this provider. The Bank Control client application passes this information to the Bank Control service encrypting them before transmission.
  • The Bank Control service encrypts provider login information using a key unique for the device and then splits resulting binary data into two parts. One part of the encrypted provider login data is then saved in the service database and another part is sent back to the client application and stored in device's local database. It is technically impossible to reinstate provider's login details from any of these parts.

Provider Login

  • When your device initiates statement synchronisation, it passes part of the encrypted security details to the service. The Bank Control service combines this information with data kept in its own database and decrypts using the key unique for your device.
  • Bank Control service opens HTTPS connection to the Internet banking web site of the provider and logs in using the decrypted security information. It then parses screens and translates extracted statements before encrypting them and passing back to the client application.
    Bank Control service does not keep details of your accounts or transactions. It works rather like a proxy between your device and banks. From banks point of view this is the same as you use a browser to access your accounts.
From the client point of view the Bank Control service works as a "proxy" which also implements some custom transformation of the transmitted information. The Bank Control service does not save your transactions or login details and does not initiate any exchange with providers on its own.
On the other hand, from banks point of view the Bank Control service works as a "browser" which accesses the client's information only on behalf of the client and only when the client requested to do so.