Securing banking transactions has been a pre-occupation of banks and regulators for as long as modern banking practice has been around. After all, banks are the most logical target for criminal elements because that is where the money is.
Banks today use a number of authentication practices to protect customer’s financial assets – from multi-factor authentication to encryption, to the use of blockchain to counter the potential for fraud.
CREALOGIX' Asia-Pacific managing director Pascal Wengi offered his views on security tokens and how its use is evolving in the region.
If you compare the profile of the banking customers, is there a marked difference between current banking customers as well as those from 2 years ago?
Pascal Wengi: I believe that within retail banking we remain almost the same, from the customer’s perspective – it has to be as convenient as possible, have to be everything in mobile so it remains almost the same.
Among corporate and SME banking customers, we are seeing that many of those corporate and SMEs have more than one account. They would like to have one access point to their complete financial universe and not having multiple digital access points to their universe [of financial assets].
Within wealth and private banking is where the biggest disruption happening because here the customer likes to have a different kind of advisors. Among the mass-affluent, we are seeing quite a strong [adoption of] robo-advisory solutions.
So the High Net Worth clients, they are looking for a hybrid advisory – they want to be able to do certain things themselves, but the advisor still does the other things like risk profiling, making them a proposal. The advisor is still taking care [of them].
Are banks in Asia ready to move to soft tokens?
Pascal Wengi: Our recent campaign suggests it is actually quite simple for us to sell the idea of the soft token. Most of the financial institutions have a hard token and many also support the SMS hub – where you get an SMS message to validate a transaction.
These services are currently limited to affluent and mass affluent customers because there is a cost associated with for instance sending an SMS notification.
Now what we [CREALOGIX] have done is combine the soft token with push alerts – so you can have the same application which sends you push alerts, works the same like SMS or the soft token, works the same way you get a WhatsApp message you can confirm and you are logged in. UOB did it, and now DBS did it as well, in Singapore.
Soft token is quite easy to sell because the benefits are tangible. So UOB claimed they saved $25 million because they don’t send SMS-es anymore. For me, soft tokens have three big selling points:
1. It is cheaper – After two years, you already break-even
2. It is more convenient
3. It is even more secure than SMS
How do you ensure that [soft tokens] are as secure as possible for both the end customer using the technology as well as the banks that are making use of the technology for their customers?
Pascal Wengi: What we have done with our soft token, we manage two channels: our mobile banking application talks over the back-end channel with the database from the bank so it’s like the HTTPs access point and at the same time, we send through a different channel, the same information and they have to be validated at the back end.
So to hack a payments transaction, for example, you need to hack both channels otherwise it is not going to be possible. In the case of CREALOGIX, we partner with a known company called Intersect to enable two-channel authentication with one device.
How do you see CREALOGIX’s business strategy evolving to counter a very aggressive cyber hacking community, comply with stringent requirements by banks and regulators to provide a secure connection while meeting the customer’s need for access to their account?
Pascal Wengi: We built an ecosystem of partners who bring different experiences to the table. For instance, around digital banking, we have three security partners. Because we believe that there needs to be someone, a company with X amount of people who are just doing that, just taking care of security, making sure a soft token works.
Bus as I said it’s a very hard question to just answer because banks are struggling with that [same question] themselves.