twitter logo linkedin logo facebook logo

Is MIRACL too good to be true?

MIRACL International Limited

MIRACL is too good and is true

“The first time we looked at MIRACL, we thought it was too good to be true, but it provided the most innovative, cost-effective and scalable MFA solution, and met all of our technical requirements. Above all, the MIRACL team demonstrated from day one that it understood our needs and would work collaboratively in a true partnership.”

John Ferguson, CRO, Cashfac

We’ve all been victims of a product or service that claims to be better than the rest, only to be disappointed. Our customers are no different. In multiple conversations with customers, they’ve said that when they were searching for an MFA solution, they wanted one that was:

  • easy to integrate
  • compliant with PSD2 and GDPR
  • easy to implement
  • more affordable and secure than their current solution or competitor offers

Finding MIRACL seemed “too good to be true” - and their teams were sceptical. As a result, they demanded extra checks before implementing MIRACL. If you feel the same, this article will answer your most pressing questions.

Is MIRACL compliant with PSD2 and GDPR? 

What is PSD2? 

The Revised Payment Services Directive (PSD2) was created by European Commission to regulate payment services in the European Union and improve customer service and competitiveness in the financial services market. All providers in EU countries and the European Economic Area have to abide by the Directive. MIRACL meets the Strong Customer Authentication (SCA) standards of PSD2. By using MIRACL, your authentication becomes PSD2 compliant for web and mobile banking.

What is GDPR?

The General Data Protection Regulation (GDPR) is the strictest privacy and security law globally. It outlines how we can use, process, and store personal data in the European Union and the European Economic Area. As a result of leaving the EU, the UK now has its own data privacy law, The United Kingdom General Data Protection Regulation (UK-GDPR). MIRACL is compliant with both of them.

Is MIRACL compliant with New Jersey 2022 MFA regulations?

New Jerseys’ new regulation for gambling companies requires Two-Factor or Multi-Factor authentication. The intention behind these guidelines is to make it harder to hack into gambler’s accounts and prevent so-called messenger or proxy betting where one person bets on behalf of another.

Proxy bets can be problematic: In 2020, a bettor from Florida- where betting is illegal-  used a proxy to place a $3 million bet with Draft Kings in New Jersey. As a result, DraftKings had to pay a fine of $150,000.

Although two-factor authentication or multi-factor authentication will be required from June 30 2022, there is no requirement to implement biometrics-based authentication.  Gamblers will need to authenticate every two weeks which might annoy them and may result in a higher abandonment rate. MIRACL is compliant with the New Jersey 2022 MFA regulations and can help your company prevent that.

Is MIRACL easy to integrate? 

The best MFA system is useless if it means changing your existing system completely. Such a process would only lead to delays, customer friction and loss in revenue. You can integrate MIRACL at any point in your business, whether you use bespoke software or a standard one. MIRACL will support the authentication methods you are already using without interfering with them. It’s compatible with IOS and Android, including handsets up to a decade old, and supports all browsers and even smart TVs.

Is MIRACL more secure than other MFA solutions on the market? 

2FA is safer than a password alone, but it’s far from foolproof. Jack Dorsey, the CEO of Twitter, learned that when his account got hacked. The hackers applied a so-called SIM attack: They apparently bribed an employee of Dorsey’s mobile phone carrier to switch the numbers associated with his SIM card, so they could intercept a two-factor authentication code and log into his account.

It might surprise you, but there are very few existing two-factor authentication schemes on the market. Take, for example, FIDO. A non-profit organization, FIDO Alliance, works with a single cryptographic secret (a piece of data). It is protected by a PIN or a biometric inside a passkey. Users can use these passkeys to authenticate themselves without having to enter any additional authentication factor.

But there’s a caveat: the blob of data is useless without the PIN and sufficient on its own to break the scheme. In addition, the passkeys are costly and hard to replace. One of our customers pointed out that delayed shipping of such a passkey can cause real problems.

Other authentication solutions ask customers for a two-step authentication that costs precious time. MIRACL has a zero-knowledge-proof protocol that eliminates vulnerable password databases from the authentication process and authenticates in only two seconds.

How affordable is MIRACL? 

Pricing was an important criterion when we developed MIRACL. Only an affordable authentication system for businesses can succeed in the long run. That’s why MIRACL is a fraction of the price of other password-leading authentication solutions.

Can MIRACL make me money?

Our customers see an average of 99% login success rate. That means your users can enter your portals quickly, efficiently and without friction, which can result in less cart abandonment, higher conversions, and happier customers. There are no password databases to hack and your help desk could regain some of the minimum of 20% time they spend resetting user passwords.  Total cost of ownership decreases and user satisfaction increases.

“What would I say to companies considering MIRACL? In a few words: go for it! If you want to secure access to your services, rest assured that you can do it very, very safely with MIRACL.”

Florin Dimitru, IT Director at Crédit Agricole Romania


If you would like to know more, our newsletter is a great way to get to know us - you can subscribe here.

Get the MIRACL memo in your inbox

Get in touch to learn more

You can opt out at any time. See our privacy policy here.