TuringSign Enhances Mobile Banking in Korea
Leveraging FIDO to enhance security and user experience
Kookmin Bank Leverages TuringSign FIDO to Provide Easy Biometric Authentication to Its Customers
JANUARY 28, 2019
Challenge
Growing Need for
Mobile Authentication
Solution
FIDO-Enabled
Biometric Authentication
Result
Higher Security, Better
Experience, Lower Cost
There is a growing need these days for easy mobile-based authentication services in various industries such as finance, public, insurance, and education. TuringSign FIDO® produced by Turing Crypto Gmbh (Berlin, Germany) and CrossCert Inc. (Seoul, South Korea), helps to meet this demand by providing a FIDO-based biometric authentication service. Additionally, TuringSign FIDO® provides an acсredited certificate service that leverage FIDO technology (K-FIDO) for user-friendly digital signing in Korea.
Challenge
There are 65 million subscribers who use mobile banking services in Korea- most of whom use password-based authentication. In addition, there are 37 million people who have been issued accredited certificates in Korea. For account transfers, subscribers generate digital signatures of transaction through an accredited certificate and verify it in their bank for user authentication, integrity and non-repudiation.
Like many consumers around the world, Korean mobile banking subscribers who have to remember their unique password feel uncomfortable for many reasons. Firstly, inputting a password in mobile device is very difficult and time consuming. Secondly, passwords are highly susceptibile to theft and misuse such as for account hijacking. Lastly, many Koreans feel uncomfortable using passwords when they use an accredited certificate based on National PKI(NPK) for digital signing.
Hence, many banks in Korea have sought to implement easy and secure user authentication technology in their online mobile banking service for subscribers, with biometric authentication approaches being a preferred model. However, many banks have hesitated to implement biometric autentication systems that rely upon server-side storage and matching of biometric templates as they present a risk to subscribers of having biometric credentials stolen – which unlike passwords cannot be changed.
Solution: KB Bank Case Study
Kookmin Bank (or KB) is Korea’s leading bank in total assets (2018) and National Customer Satisfaction Index (NCSI) (2017). KB has provided a mobile banking service named ‘KBStar Banking’ which supports a variety of authentication mechanisms, but almost all of the subscribers have used password-based authentication and accredited certification in NPKI. Accredited certification is commonly used for digital signing for account transfer and loan applications.
Kookmin Bank has been seeking simpler, stronger authentication for their mobile service due to the fact that many subscribers have expressed displeasure and discomfort with the password-based approach. KB has also needed a solution for accredited certification in NPKI that does not require passwords for funds transfer, loan applications or similar services.
In November of 2016, TuringSign implemented TuringSign FIDO® FIDO client and authenticator which supports fingerprint, iris and voice biometric authentication in the KBStar mobile banking app. TuringSign FIDO® server in CrossCert’s global secure datacenter has passed ISMS and Web Trust Audit, and it has connected and operated a relying server in Kookmin Bank.
KB and TuringSign have also provided subscribers with K-FIDO based authentication and digital signing – which eliminates the need for passwords for loan apllications, account transfer and similar services. The result is that subscribers no longer need to remember and input a password.
The Result
There are now approximately 3.5 million subscribers who are leveraging simpler, stronger FIDO-based authentication across various KBStar mobile banking apps (KBStar banking, KBStar Mini, Liiv, KB Real Estate, KBStar alarm, KB my money, Liiv TTok TTok). In total there are 16 million FIDO transactions per month and there have been over 260 million total FIDO transactions since the launch of services (as of October 2018).
Many Korean banks including KB have implemented FIDO authentication in their mobile banking apps to provide their subscribers with stronger and more user-friendly authentication. The positive user experiences in banking have set the stage of similar adoption in other industries e.g., insurance, education and government services.
Note: The official case study was published with the old brand name.
Leap into the Future of
Digitalization with TuringSign FIDO
Get in touch with a TuringSign FIDO security expert to secure your online – and mobile applications
Ready to go Passwordless?
Do you want to learn more about TuringSign FIDO? Leave your details and a dedicated partner manager will get in touch with you today.
Want to Contact Us Directly?
Contact us at [email protected]