The Notification Server is installed in the bank's infrastructure and is managed in accordance with the bank's security policy. When interacting directly with operators, messages do not go through intermediaries (providers).
For example, Push notifications are sent directly via Android and iOS services.
Unlike sending Push via providers, the bank's data does not pass through third-party servers. Besides, messaging statistics and customer information are not accessible to third parties. The sent content is stored exclusively in the bank.
There is an option wherebyPush only notifies the app of a message, while the message itself is retrieved directly from the server. In this case, text messages do not pass through Google and Apple clouds.
To prevent fraud, the system first checks the IMSI of mobile subscribers
before sending one-time passwords.
Also, the USSD channel
can be used to send one-time passwords. Such messages are not saved in the device's memory.