The application is based on a 2D barcode (the QR Code) that the bank’s website sends prior to confirmation. The user then takes a snapshot of the barcode using the mobile phone. The phone then displays the amount and the name of the recipient.
Once the user confirms that the information is correct, the phone provides a confirmation code that must be entered in the bank’s website. The information is now approved and validated by the user without the possibility of a third-party attack.