Commerzbank
Comdirect photoTAN
Security-critical two-factor authentication app for comdirect banking customers, enabling secure transaction authorization via photoTAN technology for over 1 million users.
The Challenge
The photoTAN app is a security-critical component of comdirect's banking infrastructure, responsible for authorizing financial transactions for over 1 million customers. Any failure or vulnerability directly impacts the security of real financial transactions. The app required updates to meet evolving PSD2 regulations and Commerzbank's internal security standards while maintaining a frictionless user experience.
The Approach
Led development efforts on the iOS photoTAN application with a focus on security-first engineering. Implemented cryptographic flows using CryptoKit and Keychain Services, integrated biometric authentication, and optimized the camera-based TAN scanning pipeline using AVFoundation. Ensured compliance with PSD2 Strong Customer Authentication requirements through close collaboration with security and compliance teams.
Tech Stack
Impact & Results
Maintained and enhanced the security posture of a critical financial authentication tool serving over 1 million banking customers. Delivered improvements to scan reliability and authentication flow speed, reducing user friction while strengthening transaction security.
My Role
Senior iOS Engineer leading security-critical feature development in a team of 15. Responsible for cryptographic implementations, biometric integration, and ensuring compliance with banking security regulations.
Got a similar challenge?
Tell me about your challenge. I'll share how I'd approach it — and a realistic timeline.