Articles:

How does a Virtual Smart card protect a customer if they lose or change their mobile phone?

From banks to government agencies, many organisations are intrigued by and exploring software security solutions such as mobile tokens and mobile identity systems for individual identification, authorisation and authentication. 

This raises questions such as: What happens if a mobile banking customer loses or changes their phone? How does upgrading devices impact a person’s mobile identity? 

Here are the answers to these common questions – based on an interview with Zhifeng Koh, Senior Product Manager at V-Key. 

 

What happens if a person using V-Key-secured applications loses their phone?

Even when a person loses their mobile phone, all of their critical information in V-Key-secured applications, including those related to mobile banking, stay protected. 

Most mobile banking apps have two layers of built-in security – the phone’s lock screen, and the mobile banking username and password. V-Key adds a third and extremely resilient layer of security: a secure container within the mobile app that stores and processes all critical information. Even if the first two layers are compromised, the data within the secure container remains protected. 

What’s more, V-Key-secured applications can only be accessed by one person, on one device alone. Cybercriminals cannot use lost or stolen devices to login with other credentials. 

When the person gets a new phone, they should contact their service provider to reactivate the application on their new device. 

 

What happens if a person using V-Key-secured applications changes their phone?  

The process for changing a phone is similar to replacing a lost phone. If a person changes phones, they should contact their service provider to reactivate the application on their new device. The exact process depends on the business or service provider. For example, some of V-Key’s customers prefer to send their users a secure mailer containing a QR code that, when scanned, will activate the application on the new device, and deactivate the old one. 

If the old phone was secured using biometrics, the biometric registration process must take place again. This is to maintain the high level of security that biometric solutions offer. Re-registering an eye print, face print or voice print is similar.

 

If a customer uses a mobile identity system, what is the security impact of losing or changing a phone?

A mobile identity is a digital profile that corresponds to a real person. To set up a mobile identity, a person needs to provide a trusted source of information, such as a government-issued identity document. Because a mobile identity contains valuable personal data, access should be controlled using biometrics. 

Think of a mobile identity as a more secure, convenient and authenticated version of autocomplete services such as Google Auto Fill. When an application needs access to personal information – such as credit card details and a shipping address – the mobile identity system requests permission to provide those details. Authorisation is completed via biometric verification. 

Ideally, mobile identities should be protected by biometric verification. If this is the case, the security impact of losing or changing a mobile phone is minimal. If a person does lose a phone with a mobile identity, they can also remotely wipe or lock it. 

 

How are V-Key solutions safer than existing security methods?

V-Key solutions are significantly more secure than methods used by some of the world’s biggest banks and government agencies. Let’s use hardware tokens as an example. When a banking customer loses a hardware token, anyone can press the button and generate a code. If the customer is being targeted by cybercriminals, they may already have the user’s online banking username and password. 

In addition, people often don’t pay attention to where they store hardware tokens – they are tossed in bags or drawers and forgotten about. If a token goes missing, security could be compromised for weeks before a customer notices. Then, once they realise that the token is missing, they contact the bank and wait several business days for the new token to arrive in the mail. 

On the other hand, it is difficult to pick up a device on the street and gain access to a V-Key secured mobile banking application. With multiple security layers, possibly including biometric verification, hackers cannot conduct banking transactions on a lost or stolen device. What’s more, people check their phones multiple times a day as opposed to tokens which are only taken out only when needed. So if a phone is missing, people notice almost immediately – providing more time to lock or remotely wipe a device as needed. 

 

If a customer uses mobile identity systems, what is the day-to-day impact of losing or changing a phone?

Mobile identity systems are tied to the phone hardware and need to be recreated when moving to a new device. If a person changes phones but has not yet recreated their mobile ID, they will need to fall back to traditional verification methods, such as an SMS one-time password, hardware token or non-mobile channel (i.e. in person at the bank), to access applications that use the mobile identity system. This level of security is critical for protecting a user when they lose their phone, as their identity is at greater risk of being stolen.

 

With regards to V-Key’s solutions, what steps should a person take if a phone is lost, or they plan to upgrade devices?

A person that uses a V-Key-secured application or mobile identity should inform their service provider. Each service provider has different processes for reactivating mobile banking applications and setting up new mobile identities. 

 

What else can people do to protect their data in case a device is lost?

A person using V-Key-secured applications or a mobile identity does not need to take any additional precautions to safeguard their data, as the safeguard is already built in to the solution. Robust security measures are built into every solution at every step of the digital process. These measures include biometric verification; multiple layers of security; the fact that users can only access an app or use mobile authentication on a single device; remote wiping; and, in the case of mobile banking, automatically verifying transactions to prevent fraud. In turn, this makes protection as convenient as possible – even when a device is lost or replaced. 

 

Other articles:
Article:
Heralding a Fintech Revolution: Q&A with Benjamin Mah, CEO, V-Key

Benjamin Mah, CEO of V-Key shares how people-first payment technologies will transform the fintech industry and how digital security pioneer V-Key is enabling this.

Article:
The next wave of Finance: Singapore’s growing Fintech market

With global cumulative investment in financial technology (fintech) forecast to exceed US$150 billion in three to five years, economies around the world are vying to attract fintech innovators and cash in on this growing industry.

Article:
What tomorrow looks like

V-Key is building towards a soon-to-be-realized future where all mobile users can enjoy unprecedented security and convenience. Take a peek ahead with us, and share our vision of what the future of mobile security looks like.

Article:
Mobile security that works for everyone

Article:
Is software-based Biometrics Authentication the solution to ASEAN’s regulatory challenges?

Banks in Southeast Asia should look towards software-based biometrics as the way forward to navigate the regulatory differences in the region and secure their customers’ transactions.

Article:
Three steps to fight the Mobile Security status quo

50 minutes per day. That’s the amount of time an average user spends on Facebook, Facebook Messenger, and Instagram. There are lots of reasons for the “stickiness” of these social networking apps, but a big part of their appeal is what they don’t have—friction.

Article:
Infographic: The next frontier in Banking transformation

As technology evolves, banks and financial institutions have no choice but to innovate. However, when it comes to security, many still rely on traditional, costly methods.

Article:
Building V-OS with HSM

V-OS is the world’s first virtual secure element, a software solution with security built into the firmware code. These include secret cryptographic parameters and data, which need to be randomly generated and securely persisted, and are then transformed into code and data files.

Article:
V-Key redefines Mobile Cybersecurity

Learn how we’re providing secure software solutions to protect over 30 million users on the edge (on their mobile device) and in the cloud, without the need for a ‘steel fence’. And why we’ve been called ‘free insurance’ for protecting all your mobile transactions.

Article:
V-Key secures UOB Mighty

Slightly over a year into our partnership with UOB, we checked in with Dennis Koh, First Vice President of UOB. He shares with us how V-Key has worked with UOB to secure UOB Mighty; as well as upcoming plans for further enhancing the mobile security experience for UOB’s customers.