Skip to content
Let's Talk

Commerzbank

Comdirect photoTAN

Security-critical two-factor authentication app for comdirect banking customers, enabling secure transaction authorization via photoTAN technology for over 1 million users.

TimeframeOctober 2023 - December 2024
Users1M+
Team Size15
iOS

The Challenge

The photoTAN app is a security-critical component of comdirect's banking infrastructure, responsible for authorizing financial transactions for over 1 million customers. Any failure or vulnerability directly impacts the security of real financial transactions. The app required updates to meet evolving PSD2 regulations and Commerzbank's internal security standards while maintaining a frictionless user experience.

The Approach

Led development efforts on the iOS photoTAN application with a focus on security-first engineering. Implemented cryptographic flows using CryptoKit and Keychain Services, integrated biometric authentication, and optimized the camera-based TAN scanning pipeline using AVFoundation. Ensured compliance with PSD2 Strong Customer Authentication requirements through close collaboration with security and compliance teams.

Tech Stack

SwiftUIKitCryptoKitKeychain ServicesCamera/AVFoundationBiometric AuthREST APIsXCTest

Impact & Results

Maintained and enhanced the security posture of a critical financial authentication tool serving over 1 million banking customers. Delivered improvements to scan reliability and authentication flow speed, reducing user friction while strengthening transaction security.

My Role

Senior iOS Engineer leading security-critical feature development in a team of 15. Responsible for cryptographic implementations, biometric integration, and ensuring compliance with banking security regulations.

Got a similar challenge?

Tell me about your challenge. I'll share how I'd approach it — and a realistic timeline.

This website uses third-party services (Google reCAPTCHA, Calendly) that may set cookies. See our Privacy Policy for details.