A cybersecurity executive strategist at Citibank recently spoke at the EmTech Asia 2016 conference where he emphasized the need for Asian banks to adopt biometric authentication solutions for mobile users instead of using PINs and SMS-based OTPs (one-time passwords), according to a report by ZDNet. Tony Chew, Citibank’s global head of cybersecurity regulatory strategy, said that banking apps ought to add support for biometric technology, and condemned the apps for lacking “imagination and creativity”. He said the industry must undergo “a big change”, citing the results of a recent survey that found that 70 percent of consumers desired better mobile banking products, but also expressed concerns about security.
Chew said it was “absurd” that most banks still rely on passwords and PINs to authenticate customers, and criticized SMS-based OTPs as being an inconvenient method for authenticating transactions. Chew, who previously served as the director of technology risk supervision at the Monetary Authority of Singapore (MAS), said that the country used to have one of the safest security systems in the world. Online banking experienced zero or extremely low fraud losses over several years, Chew added.
However, the two-factor authentication system proved to be an inconvenient system to adopt on smartphones for users of mobile banking and payment services.
But as more consumers use smartphones to access and share data online, the country would need to provide reliable security for conducting banking transactions, which means that the current system of PINs and SMS OTPs would have to be replaced. Additionally, Chew called for innovation in mobile banking, particularly in regards to payments. He recommended that mobile banking apps implement biometric technologies like facial and voice recognition.