Banks around the world have switched to eKYC
Know Your Customer (KYC) is a mandatory requirement for credit institutions when customers open a new bank account. Along with the development of technology and to simplify procedures, cut out paperwork, and facilitate for customers, now banks in many countries with the approval of the competent authorities, have and is moving to identify customers electronically – eKYC, also known as Electronic Know Your Customer.
Mr. Pham Tien Dung – Director of the State Bank’s Payment Department (SBV) said: “Talking about Fintech is about technology, the first thing that is problematic in all the banks that we know is KYC electricity. If the bank can’t deployed eKYC, even on the internet, with the current regulations of having to meet face to face to handle, there may be tens of thousands of people entering the bank’s records, but only hundreds, thousands people are dealt with by meeting face -to-face. We will miss out many opportunities and limit the growth.” (Excerpt from the article on Young Knowledge newspaper about the Workshop “Banks & Fintech: Challenges & Opportunities” on November 10, 2017)
Also in the in-depth seminar on Blockchain technology and eKYC, held by the State Bank of Vietnam (SBV) in collaboration with the Asian Development Bank (ADB) in April 2018, Fintech Committee comments that eKYC has been identified as one of the priority areas for in-depth research.
Instead of identifying customers by face-to-face, complicated paper document collation, eKYC performs customer identification electronically without having to meet face-to-face thanks to the support of advanced technologies, such as checking and comparing personal information instantly with centralized database on user identity, Biometrics Authentication, identifying customers thanks to artificial intelligence (AI), … Banks, financial institutions can save time, money and manpower for this work, and at the same time help customers have a better user experience for banking services.
Below, Hyperlogy would like to share the process of developing authentication in e-banking transactions:
1. Authentication based on user identity (Username and Password)
The combination of a pair of Username and Password is the most popular authentication method today. This authentication method is not highly secure, because the Username and Password pair information used to log into the system that we send authentication is in character, in case it is not encrypted it can be intercepted on the transmission line, even in the process of setting up the Password can be revealed because it is too simple (form ‘123456’, ‘abc123’ etc.) or easy to guess (name / date of birth of a relative…). This type of authentication is also easily overtaken by hackers by fraudulent use of impostor websites, this scam is easy to perform, in fact many customers using banking services in Vietnam have been exposed to scammed by this form.
2. Electronic signature
This is a solution recognized by many countries in the world (including Vietnam) for the legality, the security of electronic signatures is very high, can thoroughly solve security risks in online transactions. Normally, electronic authentication (Certificate) is contained in the USB Token, phone SIM card, File,… In order to authenticate transactions, the user must have a device with electronic authentication and PIN to unlock, so this type of authentication also has another name called Two Factors Authentication, in this case two factors can be understood including the carrier (USB Token, SIM card, dialog, File,… contains Certificate) and PIN code. However, because this method is complicated and difficult to use, it is suitable for corporate customers rather than individual customers, the popularity is not high.
3. OTP Authentication – One Time Password
Compared with the authentication method using Username / Password, with OTP authentication, banks can greatly increase the level of security thanks to the additional verification factor. For example, to authenticate the user transfering money via Internet Banking, customers log in with their Username and Password right after entering the application, then have to provide OTP (One Time Password) to transfer. OTP can be derived from:
– SMS OTP – A method to send authentication codes via SMS
– Mobile App – OTP number was born on a mobile application
– Token – Electronic number card
In Vietnam, Hackers used to deceive customers to deliver OTP codes through simple fake tricks such as pretending to be bank staff to call customers to offer OTP numbers, so this method also requires ask users with a certain level of security awareness. On the other hand, if used via SMS, OTP may arrive late or not even come, and the bank must pay the telecommunications service provider for each authenticated message.
4. Authentication using Biometrics Authentication methods
This is an authentication model with high security, easy to use, based on the biological characteristics of each individual, in which forms such as:
a. Palm vein authentication
+ High accuracy
+ Liveness detection
– Disadvantage: Not yet supported on the phone, the cost is still high.
ATM machines can use this technology instead of PIN code form. Banks can also apply internal processes such as credit approval, money order order, etc., which are executed by bank staff, avoiding internal risks.
b. Iris scanner / Recognition
+ High precision
+ Liveness detection
+ Performed on mobile devices
c. Fingerprint scanner
– Advantages: High accuracy
– Disadvantage: Not all devices support
In fact, some banks have applied fingerprint authentication technology for ATMs and Ebanking systems. Because the fingerprint pattern of each individual has unique characteristics, it will help ensure the safety in account transactions, avoid the case of forging the account holder signature, use fake ID card when making transactions at the counter or use fake cards, stolen cards for transactions at ATMs.
d. Face recognition
Facial recognition technology works by detecting features on the user’s face. This method will help customers simplify banking transactions: money transfer / mobile payment / POS while still ensuring safety and security.
+ Easy to use, simple, improve user experience
+ Can be done on mobile devices
– Disadvantage: The accuracy is not equal to palm vein or iris authentication. However, this technology is increasingly perfect and has been widely applied in a number of countries.
e. Voice recognition authentication
The voice biometric technology recognizes the customer’s voice characteristics like fingerprint recognition separately for each customer.
+ Easy to use, simple, convenient, improving user experience
+ Can be done on mobile devices
– Disadvantage: Similar to facial recognition authentication method, its accuracy is not equal to palm vein authentication.
Thanks to the great advances in biotechnology, authentication based on biometric identification is becoming more and more popular and widely accepted.
eKYC – Indispensable development trend in the digital age
Electronic Know Your Customer method (eKYC) will really help banks much more convenient in simplifying procedures, improving customer experience, improving security, as well as helping consultants identify users, support them to sell more products and services (Cross Sales, Upsales), to better serve and meet the needs of customers in the direction of One Stop Shopping (customers only visit one place and meet all your financial transaction needs).
It can be said that this is an inevitable development trend in the digital age when the digital economy becomes more and more clear today. And eKYC is playing an increasingly important role, an essential fundamental service for the development of the current digital banking model in Vietnam.
Hyperlogy is always ready to provide eKYC solutions for all banks
Every bank needs a breakthrough solution to save time and money, the eKYC solution that Hyperlogy offers will help solve these problems. We are fully confident that the latest technologies that Hyperlogy has researched will bring electronic customer identification solutions for business expansion activities, while ensuring information security in the banking sector.
You can refer to SMART FORM – an intermediary system that helps to centralize data (internal banking service data as well as from external service providers, customer data), connect to core systems safely, conveniently and quickly. This solution was built and deployed by Hyperlogy for Military Commercial Joint Stock Bank (MB) and An Binh Commercial Joint Stock Bank (ABBANK).