Mandiri Mobile Token

Mandiri Mobile Token is an application-based token that functions as an authentication tool for transactions within Bank Mandiri's services, specifically for the Kopra Cash Management (KCM) service. The Mandiri Mobile Token (hereinafter referred to as the Mobile Token) is a type of soft token that must be downloaded and activated on the user's smartphone device.

Registered users who are designated as approvers/releasers in Kopra Cash Management can use the Mobile Token as an authentication tool for transactions.

Transaction approval authentication using either QR Code scanning or OTP (One-Time Password) methods.

• QR Code scanning is used for transaction authentication on the Kopra website (koprabymandiri.com).
• OTP is used for transaction authentication on the Kopra Mobile App.

• Enhanced security when transacting in the Kopra Cash Management
• Flexibility and time efficiency during transaction authentication
• The ability to register multiple mobile tokens within a single application
• User-friendly application interface
• No replacement fees for lost or damaged tokens

• Kopra Cash Management Wholesale users are charged Rp100,000 per token after taking the two free mobile token quotas.
• Kopra Cash Management Retail users are charged Rp50,000 per token for each mobile token registration.

• You can visit the nearest Bank Mandiri branch or contact a Bank Mandiri sales representative to register for a mobile token.
• You fill out the Cash Management application form to specify the number of mobile tokens needed for approvers/releasers within their Company ID.
• Submit the signed application form to the branch or sales representative.

• Ensure that the phone number registered for the Approver/Releaser is an Indonesian number with the country code +62, or a foreign number with the appropriate country code.
• Ensure the phone number is active, can receive SMS messages from the bank, and has a minimum balance or limit of Rp875 for each OTP code sent via SMS. During mobile token activation, the OTP code for the user verification will be sent via SMS to the registered phone number of the Customer's Approver/Releaser

• Download and install the Mandiri Mobile Token application on your phone from the Play Store or App Store. The Mandiri Mobile Token app logo is shown below.

• Open the Mobile Token app on your phone.
• Click the “Activate” button in the Mobile Token app.
• Read and agree to the Mandiri Mobile Token Terms and Conditions.
• Log in to the Kopra Cash Management service on the Kopra website (koprabymandiri.com).
• Select the Mobile Token Activation menu under Utilities.
• Enter your phone number on the Kopra website.
• Click the Request OTP button to send the OTP to your phone number (SMS charges for sending the OTP apply to the registered phone number).
• Enter the OTP code you received via SMS into the OTP field on the Kopra website.
• Click the “Activate” button on the Kopra website.
• Scan the QR Code displayed on the Kopra website using the Mobile Token app.
• Enter the Verification Code shown on the Kopra website into the Mobile Token app.
• Click the OK button to confirm.
• Enter the Registration Code generated by the Mobile Token app on the Kopra website.
• Click the Next button on the Kopra website and Continue on the Mobile Token app to complete the activation process.
• Enter information related to the user registered with the mobile token, such as Company ID, Company Name, and User ID.
• Create your Mobile Token PIN by entering a 6-digit code.
• Confirm the Mobile Token PIN you created.
• Click the OK button to start using your Mobile Token.

• The user logs in to the Kopra website (koprabymandiri.com) as an approver/releaser and selects the transaction to be approved from the Pending Task menu.
• A QR code will appear when the user is ready to approve the transaction.
• Open the Mobile Token app, then log in using your PIN or biometric authentication.
• Tap the Scan QR Code button on your Mobile Token.
• Once the scanning screen appears, scan the QR code displayed on the Kopra website.
• If the QR code is valid, a response code will be displayed on the screen for 30 seconds.
• Enter the response code into the Kopra website, then click Approve to complete the transaction approval process.

• Open the Mobile Token app on your phone.
• Tap the OTP Code button.
• Copy the OTP code and input it into the Kopra Mobile App (note: the OTP code resets every 30 seconds).
• Tap Confirm button to complete the transaction approval process in the Kopra Mobile App.

Customers can click “Forgot PIN” on the login page that appears when opening the app after activation is complete. By selecting “Forgot PIN”, the customer will need to reset their PIN. To request a PIN reset, the customer can contact the Mandiri Call Center at 14000. The PIN reset process is the same as the token unlock process.

• If the customer has completed activation in the Mandiri Mobile Token app but not yet on the Kopra website, they can use the “Unlink” feature in the Settings Page of the Mandiri Mobile Token app.
• If the customer wishes to switch to a new phone, they can deactivate the mobile token on their old device using the “Unlink” feature after deactivating the mobile token.
• Note: Once the customer agrees to “Unlink,” their Mobile Token will automatically be deactivated on their phone. To use the Mobile Token again, the customer will need to go through the activation process again.
• The “Unlink Token” menu can be accessed by clicking the triple-dot (three dots) button next to the profile menu.

If the customer’s phone is lost, damaged, or needs to be replaced, they can deactivate the Mandiri Mobile Token on their previous phone using the “Deactivate” feature on the Kopra website through their sysadmin account (for Kopra Cash Management Wholesale customers only). Here’s how to deactivate the Mobile Token via the Kopra website:

• Log in to the Kopra website with the Sysadmin account.
• Access the “Authentication Device Monitoring” menu.
• Select the User ID to be deactivated, then click on the User ID.
• Click the “Deactivate” button.
• Confirm the deactivation action by clicking “OK”

For KCM Retail customers, deactivation requests can be made through a Bank Mandiri branch or by contacting the Bank Mandiri Call Center at 14000.

Users can access the User Guide in Mandiri Mobile Token by clicking on 

• Risk of User Data Security
  User and company data stored in the application may become a target for exploitation if the device is misused by unauthorized parties.
   
• Risk of PIN Input Errors
  Users may lose access to the application if they repeatedly enter an incorrect PIN when logging into the application.
   
• Risk of Response Code Input Errors
  Errors in entering the response code into the Kopra Cash Management may result in transaction approval failures and the mobile token being locked.
   
• Risk of Device Loss or Theft
  If the device used for the mobile token application is lost or stolen, the user data stored in the application and the mobile token itself may become vulnerable to misuse.
   
• Risk of Application Reactivation
  Mobile tokens can only be used on one activated device. If the device is lost or damaged, users must perform reactivation on another device under their control. If the reactivation process is carried out without the user’s knowledge, the mobile token could be misused by unauthorized parties.
   
• Risk of Non-Compliance with Updates
  If users fail to update the application regularly, security vulnerabilities that remain unpatched may be exploited.

Customers can visit a Bank Mandiri branch or contact the Bank Mandiri Call Center at 14000, providing the information such as Token Serial Number, Company ID, User ID, and Identity Card.

Customers can visit a Bank Mandiri branch, providing the information such as Token Serial Number, Locked Token Challenge, Company ID, User ID, and Identity Card.

If you experience issues while using the Mobile Token, please visit the Bank Mandiri branch, contact the Mandiri Call Center at 14000, or email kopra@bankmandiri.co.id.