TuringSign Enhances Mobile Banking in Korea
Kookmin Bank Leverages Crosscert FIDO to Provide Easy Biometric Authentication to Its Customers.
January 28, 2019
There is a growing need these days for easy mobile-based authentication services in various industries such as finance, public, insurance, and education. TuringSign FIDO® produced by Turing Crypto Gmbh (Berlin, Germany) and CrossCert Inc. (Seoul, South Korea), helps to meet this demand by providing a FIDO-based biometric authentication service. Additionally, TuringSign FIDO® provides an accredited certificate service that leverage FIDO technology (K-FIDO) for user-friendly digital signing in Korea.
Challenge: Growing Need for Mobile Authentication
Solution: FIDO-Enabled Biometric Authentication
Result: Higher Security, Better Experience, Lower Cost
Challenge:
User
- 65M+ Mobile Banking Users
- Inconvenient Password Typing in Mobile
Bank
- Need for Biometric Implementation
- Risk of Biometric Credential Exposure
There are 65 million subscribers who use mobile banking services in Korea – most of whom use password-based authentication. In addition, there are 37 million people who have been issued accredited certificates in Korea.
For account transfers, subscribers generate digital signatures of transaction through an accredited certificate and verify it in their bank for user authentication, integrity and non-repudiation.
Like many consumers around the world, Korean mobile banking subscribers who have to remember their unique password feel uncomfortable for many reasons.
Firstly, inputting a password in mobile device is very difficult and time consuming. Secondly, passwords are highly susceptible to theft and misuse such as for account hijacking. Lastly, many Koreans feel uncomfortable using passwords when they use an accredited certificate based on National PKI(NPK) for digital signing.
Hence, many banks in Korea have sought to implement easy and secure user authentication technology in their online mobile banking service for subscribers, with biometric authentication approaches being a preferred model.
However, many banks have hesitated to implement biometric authentication systems that rely upon server-side storage and matching of biometric templates as they present a risk to subscribers of having biometric credentials stolen – which unlike passwords cannot be changed.
Solution: KB Bank Case Study
Status-Quo
Authentication via Password and Certification
Desired State
Stronger and Simpler Authentication
Kookmin Bank (or KB) is Korea’s leading bank in total assets (2018) and National Customer Satisfaction Index (NCSI) (2017). KB has provided a mobile banking service named ‘KBStar Banking’ which supports a variety of authentication mechanisms, but almost all of the subscribers have used password-based authentication and accredited certification in NPKI. Accredited certification is commonly used for digital signing for account transfer and loan applications.
Kookmin Bank has been seeking simpler, stronger authentication for their mobile service due to the fact that many subscribers have expressed displeasure and discomfort with the password-based approach. KB has also needed a solution for accredited certification in NPKI that does not require passwords for funds transfer, loan applications or similar services.
In November of 2016, TuringSign implemented TuringSign FIDO® FIDO client and authenticator which supports fingerprint, iris and voice biometric authentication in the KBStar mobile banking app. TuringSign FIDO® server in CrossCert’s global secure datacenter has passed ISMS and Web Trust Audit, and it has connected and operated a relying server in Kookmin Bank.
KB and TuringSign have also provided subscribers with K-FIDO based authentication and digital signing – which eliminates the need for passwords for loan applications, account transfer and similar services. The result is that subscribers no longer need to remember and input a password.
The Result:
FIDO-Enabled Biometric Authentication
Higher Security
Better Experience
Lower Cost
There are now approximately 3.5 million subscribers who are leveraging simpler, stronger FIDO-based authentication across various KBStar mobile banking apps (KBStar banking, KBStar Mini, Liiv, KB Real Estate, KBStar alarm, KB my money, Liiv TTok TTok). In total there are 16 million FIDO transactions per month and there have been over 260 million total FIDO transactions since the launch of services (as of October 2018).
Many Korean banks including KB have implemented FIDO authentication in their mobile banking apps to provide their subscribers with stronger and more user-friendly authentication. The positive user experiences in banking have set the stage of similar adoption in other industries e.g., insurance, education and government services.
Link to the official case study:
FIDO Alliance – Kookmin Bank leverages Crosscert FIDO to provide easy biometric authentication to its customers
Note: The official case study was published with the old brand name.