COVID-19 has propelled society into a fully-fledged digital era where everything is connected by networks. As offline activities become restricted, enterprises have begun to strengthen non-face-to-face services and set digital transformation as a survival strategy. Over the past two years, major IT investments have been focused on strengthening digital channels and upgrading digital marketing and services.
The same goes for financial service markets. The number of visits to banks and brokerages has also gradually been decreasing in line with the reduction of operating hours of financial services and the expansion of mobile financial services. On the contrary, the number of online financial transactions has been steadily increasing. As a result, advancement of online customer service and higher levels of identity authentication technology are required.
As everything is being done online, it is getting more difficult to verify the identity face-to-face. The problem is that non-face-to-face authentication, which is only conducted online, is gradually exposing weaknesses. For example, when you reissue the password of an Internet bank, you go through the steps of taking an ID photo and verifying yourself through a video, but if the communication network connection is poor or the ID card is damaged, there is virtually no way to prove your identity.
Although the government's deregulation is required pre-emptively, various alternatives to identity authentication are required. Also, financial service firms are faced with the task of securing the convenience of user authentication without visiting a branch.
The most commonly used authentication method is one time password (OTP). It's been recognised for its stability as an authentication tool with an unpredictable password generation that regularly changes according to a random generation algorithm.
Now, OTP has evolved into mobile OTP that is used as a major user authentication method in financial transactions. Mobile OTP is a one-time password generator used as an app on a smartphone. However, mobile OTP also has problems. It is vulnerable to information leakage and exposure because it uses a fixed identification value. Also, primary user authentication is impossible with the mobile OTP code only.
Tokenization using dynamic codes like mobile OTP relies on two-way communication between user and server, making it difficult to use in an off-the-network environment. This is because previous technologies have been unable to authenticate the user by sending a dynamic value uni-directionally.
swIDch's One-Time Authentication Code (OTAC) authenticates the user through a dynamic code generated by the client device itself, unlike tokenization requiring two-way communication or OTP used only for secondary authentication. It is the most advanced authentication method so far.
OTAC is provided in the form of a mobile phone application, or an applet embedded in an IC chip in a physical card or SIM car, making it an attractive alternative technology. The usage method is not much different from existing authentication solutions . If you want to log in to a service, you can authenticate the user through an app or a card with OTAC technology instead of ID and password.
The global market is paying attention because it is possible to provide authentication services based on a physical card as well as an app. In fact, South Korea's Toss Bank provides both authentication and payment at the same time through a debit card with OTAC embedded.
Major global card players have been rushing to migrate to combi cards, which allow payment by simply tapping on a card reader for safer card use. A combi card (also known as dual-interface card) is a smart card with a built-in central processing unit (CPU). It integrates contact and contactless card functions so that there is memory shared with each other on one card. One of the main drawbacks with these cards for manufacturers are the higher manufacturing costs when compared to the existing card types.
However, if a combi card can be expanded to encompass authentication functions rather than simply payment functions, it could be a game changer. What if you could use a combi card as a secondary authentication medium for large remittances, as a key card to open an office door, and as a medium to generate a QR code for logging into a mission-critical website?
swIDch has demonstrated its potential by embedding the OTAC applet in the IC chip of the payment card. Without the need to install additional infrastructure or add a security layer that affects the system, it is now possible to expand and use one payment card for other purposes, such as financial transaction authentication and ID cards. As a result, this innovation is clearly able to respond to the burden of rising unit prices with its ‘multi-function’ capabilities.
You might say that the physical card is a time-limited payment method that will eventually be replaced by the virtual card. However, swIDch’s proposal to expand the applications and functions of a single physical card could extend the life of physical cards for years to come, just as radio has survived the TV era and is still holding its place in the mobile era. One thing is for sure; swIDch's proposition is a wise attempt to increase security and improve user experience in the digital age where identity authentication is essential.