South Korea adds biometric authentication rules for mobile transaction security, Taiwan could follow
State watchdog the Korea Financial Telecommunications and Clearings Institute (KFTC) has introduced a new biometric authentication model to protect online and mobile transactions from hacking and forgery attempts, writes Aju Business Daily.
“Because the biometric verification method relies on sensors created by device makers, there are dangers of authentication failure due to forgery and alteration,” a KFTC official said.
The watchdog claims that verification devices such as smartphone cameras can be hacked into by manipulating vulnerabilities in online banking systems or sensor hardware, exposing the biometric data collected.
KFTC claims to have developed an upgraded system that identifies digital forgery and automatically prevents the authentication process by cutting communication with the biometric server. The new system lets users access financial services with data kept in separate data centers to prevent compromise in case of a data breach. This will replace the country’s legacy digital accredited certificate system that used key files and passwords.
Taiwan companies seek updated ID rules
Financial companies in Taiwan are asking the country’s Financial Supervisory Commission to reconsider rules regarding consumer identity authentication, KYC data sharing and sandbox testing by allowing advanced identity verification methods to replace Citizen Digital Certificates, says Taipei Times.
The meeting in Taipei was joined by four local banks, Yuanta Securities Investment Trust Co and the Chinese National Futures Association.
Online bank Line Bank explained that plastic cards cannot be read by mobile devices, while Next Bank and Yuanta Securities Investment asked that cooperation with electronic payment companies be allowed for identity authentication.
CNFA chairman Falco Mi said there is no universal solution to completely prevent fraud, as some criminals can use fake photographs. Mi believes the commission should allow companies to choose for themselves which method to deploy.
EasyCard Corp, E.Sun Commercial Bank, Yuanta Financial Holding Co and Capital Securities Corp asked to either be allowed to share KYC data to save resources and lower costs, or for the regulator to implement a platform for KYC checks.
“More clients are applying to open accounts online amid the coronavirus outbreak, but when clients come from nowhere but the Internet, we cannot really figure out who they are, and it takes a much longer time conducting KYC [checks] than at our physical units,” Capital Securities president Alex Chia said in a statement.
According to CTBC Financial president Daniel Wu, sandbox testing should be the responsibility of financial companies that need to be held accountable in case of breaches or fraud.
To keep in line with its peers in Japan and South Korea, the commission could divide the non-financial firms into groups of different business scales, and large non-financial firms should take some responsibility, too, Wu said.
Shin Kong Life Insurance Co. vice chairwoman Catherine Lee said that the commission should assign a third-party agency to helping insurers exchange their data with medical institutions, which would make insurance claims more convenient for clients.
The measure would encourage clients to choose medical insurance policies or other protection-type products, Lee said.