Is CA Mobile OTP secured during transmission and storage?

book

Article ID: 108037

calendar_today

Updated On:

Products

CA Rapid App Security CA Advanced Authentication CA API Gateway

Issue/Introduction



I have these questions on CA Mobile OTP:
1. When user inputs the Mobile OTP, when it travels to CA AA server is it encrypted?
2. Do we store CA Mobile OTP in database in clear text?

Environment

Release:
Component: RSKFRT

Resolution

1. The Mobile OTP key(card string) is encrypted with the activation code when sent to the client device.However, we recommend to use HTTPS for all communications for added security.
2. Mobile OTP key is encrypted and stored in the database.