The rapid expansion of mobile banking brings unparalleled convenience but also introduces new challenges in protecting customer data and assets. What is the safest solution to the problem of user authentication in mobile banking?
The Mobile Banking Wave in Vietnam
Mobile banking, a financial service provided through mobile applications on phones or smart devices, allows users to conduct financial transactions and manage accounts conveniently. In Vietnam, mobile banking is experiencing significant growth. With smartphone penetration exceeding 70% and the impact of the COVID-19 pandemic accelerating the shift to cashless transactions, mobile banking has become increasingly popular. According to the State Bank, by the end of 2022, Vietnam had nearly 1.2 billion transactions via mobile banking, with a penetration rate of 69%, one of the highest in Southeast Asia.
Vietnamese banks have seen substantial growth in mobile banking usage, with transaction volume and value increasing significantly. This surge presents a significant challenge in authenticating and protecting users’ information and assets. Multi-factor authentication (MFA), biometrics, and FIDO are the three most popular methods today.

Is Multi-Factor Authentication Enough?
Multi-factor authentication (MFA) is a familiar method but presents several obstacles regarding user experience, security level, and operating costs. Integrating MFA requires users to perform multiple verification steps, adding complexity and time to the authentication and payment process.
One-time passwords (OTPs) are often mistaken for MFA solutions. However, OTPs are not a strong form of authentication. They can be intercepted or redirected by hackers through methods such as SIM swapping or phishing attacks, making them less secure than assumed. True MFA combines at least two of three elements: something the user knows (like a password), something the user owns (like a smartphone/security key), and something inherent to the user (such as fingerprint/face recognition).
Additionally, sending OTPs via SMS for millions of transactions incurs significant costs, averaging several hundred billion VND per year for a bank. Therefore, stronger security measures that are both convenient and cost-effective are essential. This is where biometrics and FIDO come into play.
Biometric or FIDO?
Many banks now use biometrics. When making online payment transactions, the mobile banking system requires customers to present biometric identifiers such as face, fingerprint, or voice to authenticate the transaction. The strength of this method lies in the convenience and uniqueness of biometric data. However, the secure storage and processing of biometric data remain significant concerns.
Large banks globally and some in Vietnam have pioneered the use of FIDO. FIDO, an authentication standard issued by the FIDO Alliance, allows customers to use devices/software/browsers that meet FIDO2 standards for online payment transactions. After the user enters an access code or presents a biometric, the device/software/browser automatically communicates with the server to authenticate the Internet Banking website and transaction. FIDO2 is secure thanks to public-key cryptography.
The biggest difference between biometrics and FIDO is security. Biometric data, stored centrally, is prone to leakage and future hacks. Once exposed, users cannot change their biometric data as they would with a password or security key. In contrast, FIDO creates an authentication process without transmitting sensitive data over the network. Authentication data is kept secure on user devices, minimizing the risk of attacks. According to Microsoft, FIDO can prevent more than 90% of phishing attacks targeting user login information.
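The public-key flow described above, as an added sketch that is not code from VinCSS, the FIDO Alliance or any bank: the device signs the server's challenge together with the site origin, and the server verifies with only a stored public key. `ClientData`, `NewKey`, `Sign`, `Verify` and the `bank.example` origin are assumptions for illustration; real FIDO2/WebAuthn assertions also carry authenticator data and a signature counter, omitted here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// ClientData is a simplified stand-in (assumption) for what the browser signs.
type ClientData struct {
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// NewKey creates the per-site key pair; the private half never leaves the device.
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// Sign plays the device: it signs the challenge plus the origin actually visited.
func Sign(priv *ecdsa.PrivateKey, challenge, origin string) ([]byte, []byte, error) {
	data, _ := json.Marshal(ClientData{Challenge: challenge, Origin: origin}) // two strings: cannot fail
	digest := sha256.Sum256(data)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return data, sig, err
}

// Verify plays the bank server, which stores only the public key.
func Verify(pub *ecdsa.PublicKey, wantChallenge, wantOrigin string, data, sig []byte) error {
	var cd ClientData
	if json.Unmarshal(data, &cd) != nil || cd.Challenge != wantChallenge {
		return errors.New("malformed, stale or replayed response")
	}
	if cd.Origin != wantOrigin {
		return errors.New("origin mismatch: signed for a different site")
	}
	if digest := sha256.Sum256(data); !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not match the registered public key")
	}
	return nil
}

func main() {
	priv, _ := NewKey()
	data, sig, _ := Sign(priv, "constructed-challenge", "https://bank.example")
	fmt.Println(Verify(&priv.PublicKey, "constructed-challenge", "https://bank.example", data, sig))
}
```

A response signed while the user is on a look-alike origin fails the origin check, and a captured response fails against the next challenge, so nothing reusable crosses the network.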
FIDO also ensures simplicity, convenience, and flexibility in the customer experience. Users no longer need to remember or manage multiple passwords or perform multiple authentication steps. FIDO diversifies authentication options, allowing users to choose between fingerprint, PIN code, or physical key.
On December 18, 2023, the State Bank of Vietnam issued Decision No. 2345/QD-NHNN, stipulating the use of FIDO as a minimum authentication method for type D transactions for individuals and organizations.
Searching for a Reputable FIDO Solution Provider
The State Bank’s decision serves as a catalyst to accelerate the adoption of FIDO authentication in mobile banking for banks across Vietnam, underscoring the need for reputable FIDO solution providers.
Given the high technological demands and significant investment required in research, development, and human resources, few entities in Vietnam or globally venture into providing FIDO solutions.
VinCSS stands out as a leader, recognized twice in a row by Frost & Sullivan as a pioneer in delivering FIDO solutions both domestically and throughout the Asia-Pacific region. As the first entity in Vietnam to receive FIDO2 certification from the World Online Authentication Alliance (FIDO Alliance) for its products, services, and personnel, VinCSS offers superior security technology solutions. These solutions optimize investment costs and seamlessly integrate with customers’ existing technology infrastructure. Learn more at VinCSS.
As Vietnam commits to its digital transformation goals within the banking industry, the research and integration of FIDO for mobile banking and other banking applications have become more critical and urgent than ever.