A cybersecurity executive strategist at Citibank recently spoke at the EmTech Asia 2016 conference where he emphasized the need for Asian banks to adopt biometric authentication solutions for mobile users instead of using PINs and SMS-based OTPs (one-time passwords), according to a report by ZDNet.
Tony Chew, Citibank’s global head of cybersecurity regulatory strategy, said that banking apps ought to add support for biometric technology, and condemned the apps for lacking “imagination and creativity”.
He said the industry must undergo “a big change”, citing the results of a recent survey that found that 70 percent of consumers desired better mobile banking products, but also expressed concerns about security.
Chew said it was “absurd” that most banks still rely on passwords and PINs to authenticate customers, and criticized SMS-based OTPs as being an inconvenient method for authenticating transactions.
Chew, who previously served as the director of technology risk supervision at the Monetary Authority of Singapore (MAS), said that the country used to have one of the safest security systems in the world. Online banking experienced zero or extremely low fraud losses over several years, Chew added.
However, the two-factor authentication system proved to be an inconvenient system to adopt on smartphones for users of mobile banking and payment services.
But as more consumers use smartphones to access and share data online, the country would need to provide reliable security for conducting banking transactions, which means that the current system of PINs and SMS OTPs would have to be replaced.
Additionally, Chew called for innovation in mobile banking, particularly in regards to payments. He recommended that mobile banking apps implement biometric technologies like facial and voice recognition.
With tech vendors increasingly integrating biometric support in their products, the technology should now be more easily enabled on smartphones, Chew said.
He also emphasized that biometrics offer stronger security than PINs and passwords when it comes to authentication and verification, as they are able to directly tap into individual’s unique physiological and behavioural traits to generate the user authentication template.
Chew said that biometric technology’s level of accuracy and robustness has improved considerably over the past few years, adding that it “is definitely superior and better than the [security] Q&A [process], which is a ridiculous form of authentication, as is SMS OTP.”