
Is software-based Biometrics Authentication the solution to ASEAN’s regulatory challenges?

By Joseph Gan, CTO at V-Key

Banks in Southeast Asia should look towards software-based biometrics as the way forward to navigate the regulatory differences in the region and secure their customers’ transactions.

The ASEAN region is made up of 10 countries, with clear differences in their geography, language, culture and economic success. It is also an area with differing banking regulations.

The Monetary Authority of Singapore (MAS) adopts a regulatory approach that supports technology in banking, even creating a “sandbox” environment to test and trial innovations. Singapore’s neighbours in the region, although making steady strides in fintech innovation, still have some way to go, which means the regulatory frameworks are a few steps behind as well. For example, Malaysia’s central bank has recently called for a similar regulatory sandbox framework while Thailand has called for more regulation in fintech to minimise risk and protect consumers’ identities.

This heterogeneity in ASEAN’s regulatory landscape can make it very difficult for banks to do business in the region.

The creation of the ASEAN Banking Integration Framework in 2014 was a step in the right direction. The framework allows certain qualified banks that have adequate capital, resilience, good management and which adhere to prudential banking requirements to have wider access and more freedom to expand across countries in the ASEAN region. While this is a positive sign for banks, the integration will only take place in 2020, moving at a slower pace than other areas of integration in the region, such as trade integration in the form of reduction of tariff rates.

This means the existing complexity and differences in regulations will still be a challenge for banks. Neal Cross, Chief Innovation Officer, DBS Bank, said at the Singapore Fintech Festival: “The biggest problem in ASEAN is the difference in regulations. To successfully establish our presence in another country, we always have to comply with two regulators – MAS and the regulator of the other country involved – and that’s tough. If ASEAN really wants to be the global fintech hub and a serious force in finance, this needs to be fixed.”

Providing convenient and secure software-based biometrics

One way that fintech can contribute to helping address this issue of differing regulations is through the use of biometrics. Biometrics as a means of authentication provides a robust layer of security as it’s based on a unique identity in users’ physiology and behaviour – for example, fingerprints, iris scans, or facial recognition – something inherent to them, instead of something they know or own such as a password or a hardware token. This would ensure that users don’t depend on memorising passwords or carrying hardware tokens, the usage of which may be regulated differently across geographical borders.

However, fingerprints or iris scans are only supported on limited mobile devices due to the specialised hardware required to securely store and match the biometrics. To address this, banks can also use additional software-based biometrics such as facial recognition or eyeprints in order to achieve broader compatibility. Companies such as V-Key have been rolling out secure fintech solutions for banks and can help with regulatory acceptance by securing such software-based biometrics on end-user mobile devices using a virtual secure element.

In addition to the added security, biometrics allows banks to do away with the costs of deployment and scaling, making it easier to expand operations into newer, untapped markets cost-effectively. And with many banking customers already conducting transactions via their laptop and mobile devices, a transition to biometrics would be easy, as such gadgets already have built-in cameras for software-based biometrics.

From the end users’ perspective, biometrics also negates the inconvenience of handling multiple hardware tokens, allowing more people to access financial services, including the unbanked population. It provides a more reliable, convenient and secure form of authentication compared to personal identification numbers (PINs) or passwords, whether used digitally or at a physical bank branch. The fact that biometrics cannot be easily forged also protects customer information from being compromised by fraud.

This idea was echoed by Janet Young, MD & Head, Group Channels & Digitalisation, UOB, at the Fintech Festival when she explained, “Biometrics is the way forward as, once captured securely, it will make it easier to do business with virtually anyone in the region, as well as bring financial inclusion to the population – and that’s what the regulators should work towards.”

“How many dongles and tokens do we have to carry now? And we don’t just bank with one bank, we bank with two or three,” she said. “If we look at the fact that, ultimately, biometrics will be used, then the cost of doing business would really go down. This should be the way forward, and how we should be persuading our regulators that it’s a worthy investment.”

V-Key has already taken steps in this direction and offers customers the latest software-based biometric verification methods including fingerprint, voice and facial recognition, achieving a balance between safety of customer data and convenient user experience. In addition, this solution is integrated with V-Key’s own security platform to allow for threat analysis and compliance reporting.

Using biometrics-enabled identity cards

Some banks are already practising this in the region. Singapore’s largest bank, DBS Bank, launched digibank in India in April 2016, after working closely with the Reserve Bank of India (RBI). To open an account, a customer just needs to go to any one of more than 500 cafes across India that are listed as partners of the bank. They present their Aadhaar, the national biometrics-enabled ID card, followed by verification through a fingerprint reader at the cafe. To develop and launch digibank, DBS worked with seven fintech partners providing various solutions, including V-Key’s own soft token solution.

In the first four months of operation in India, digibank attracted more than 250,000 new clients. The bank aims to replicate this success in other countries such as Indonesia, where DBS launched their digital bank at the end of 2016. Just like in India, customers will use their biometric national ID card to open an account. This service offering is in addition to the bank’s physical presence in the country – it has branches in 13 cities in Indonesia.

 

Crossing over borders easily

Using software-based biometrics is the best way forward for ASEAN banks to navigate the complexity in the region’s regulatory landscape and to open up to markets across the borders. It is also a less expensive way for banks to operate and a more secure form of verification for customers, and should be the way forward for banking in the ASEAN region.
  
