In a hyper connected world mobile phones have become an essential part of our lives, not only for communication and entertainment, but also for authentication and payment transactions. Many online services, such as banking, shopping, and social media, require us to verify our identity or confirm our actions using our mobile phones. However, what happens when we lose our phones or they get stolen? How do we access our accounts and protect our personal and financial information? In this article, we will explore the challenges and solutions of mobile phone dependency for online security, and discuss the best practices and tips to prevent or recover from such situations.
Navigating the Dark Side of Digital Dependency
Imagine this: While on vacation your phone is stolen, leading to unexpected challenges. You get a replacement phone, but without a SIM card, you can't download any banking apps. These apps required mobile phone calls and OTP authentication, leaving you locked out. Multi Factor authentication (MFA), meant for security, ironically leaves you stranded without access. Most banks don't offer identity verification as an alternative and they assume you’d have your device or access to your registered mobile number.
This actually happened to a friend of mine which made me think about our reliance on our mobile phones.
Another sinister example is a news article from Business Insider where a women's iPhone was stolen by a man who had observed her passcode. Soon she was locked out of her Apple account, $10,000 was transferred from her bank account and a new application for Apple Credit card was launched in her name. Unfortunately this is not an isolated incident and similar cases are on the rise.
Though there is no specific number of how many phones are stolen which later results in financial fraud, Computer and phone misuse has increased by 89% (to 1.6 million offenses) compared with the year ending March 2020, driven by a large increase in unauthorized access to personal information (hacking) offenses according to the UK’s Office for National Statistics.
How has the industry handled authentication conundrum?
Losing your phone can be a frustrating and inconvenient experience, especially if you rely on it for online authentication and payment transactions. Fortunately, the industry has some solutions for these edge cases, depending on your service provider and the type of transaction you want to make. Some services offer alternative ways of verifying authentication and online payments without a mobile phone or SMS, such as:
- Emailing you the code, but only if you pre-register your email address.
- Using a or a card reader that you can use with your bank card and PIN. This requires you to carry your card reader provided by the bank.
- Sending the code via voice to your landline, if you have one.
- Visiting a local branch in person to verify your identity.
Unfortunately none of these solutions are user friendly and won't necessarily work especially when you are traveling abroad.
More secure and user-friendly technologies in identity proofing and authentication
Fortunately there are some great technologies out there that can address in a secure way and digital way without compromising security. Unfortunately their adoption has been slow in the market.
Password-Free future with secure and seamless identity proofing
Identity proofing is a means of verifying and authenticating the identity of a person trying to access a service or system. It helps businesses and organizations to confirm that the users are indeed who they say they are, and prevent identity fraud and misuse¹. Identity proofing can also improve the user experience and trust, as it reduces the need for passwords and other cumbersome methods of authentication methods such as OTPs.
MitID is an example of a service that uses identity proofing to set up your account without any passwords. MitID is Denmark's digital ID, which you can use to prove who you are when you access online services, such as banking, taxes, or shopping. MitID is primarily an app that you can download on your smartphone or tablet, and use it to log on and approve transactions with a simple swipe. To create your MitID, you need to go through an identity proofing process, which involves using your passport’s first page with your photo and identity details. Users are then asked to tap their passport against the mobile device that uses the NFC chip embedded in your passport to authenticate users.
Once you have completed these steps, you can start using your MitID to access online services without any passwords. You can also use biometric authentication, such as fingerprint or face recognition, if your device supports it. MitID is designed to be secure, user-friendly, and convenient, and it satisfies the newest requirements for security and privacy.
Tap to trust: Unleashing seamless security for enhanced banking services
Another solution is using swIDch's One-Time Authentication Code (OTAC) technology which is unidirectional (one-way) and transmits dynamic codes generated through card tapping on the back of the smartphone onto the server. Your existing payment card is embedded with OTAC technology that can be used for a variety of use cases including authentication and approving certain transactions.
This allows for a convenient and secure authentication service providing consistent experiences regardless of the user’s mobile operating system (OS) while overcoming the existing OTP’s limitations.
This technology has been used with Toss Bank, a leading Korean online-only bank with over 7 million users needing an authentication service that simultaneously guarantees user convenience and security to provide “simple and reliable financial services.” swIDch’s “switch-OTP” embedded in Toss Bank’s debit card, makes it possible to authenticate users or to transfer large sums of money by simply tapping the card on the back of smartphones.
You can find the full case-study here.
Exploring enhanced authentication in cybersecurity beyond mobile phones
Losing your phone can pose a serious threat to your online security and identity, especially if you rely on it for authentication and payment transactions. However, there are some innovative solutions that can help you authenticate yourself in a secure and user-friendly way, even when you don’t have your phone. One of these solutions is identity proofing, which is a means of verifying and authenticating the identity of a person trying to access a service or system. Identity proofing helps businesses and organizations to confirm that the users are indeed who they say they are, and prevent identity fraud and misuse. Identity proofing can also improve the user experience and trust, as it reduces the need for passwords and other cumbersome methods of authentication.
Another solution is OTAC technology, developed by swIDch, which is a one-time authentication code that can identify and authenticate users simultaneously in a single step. OTAC technology generates a dynamic, randomized code on-demand, locally by the user, without needing any network. This means that the code is unique, non-repetitive, and network-free, making it more secure and convenient than other authentication methods. OTAC technology can also generate virtual dynamic card information without a network connection, adding an additional layer of security in the payment process.
In conclusion, identity proofing and OTAC technology are two solutions that can solve the issue of relying too much on our phone for authentication and payment transactions. They can help us authenticate ourselves in a secure and user-friendly way, even when we lose our phone, and also offer us more convenience and efficiency in our everyday connected life.
--------------------
Author: Vinny Sagar, Solution Architect, swIDch
With over 15 years of experience in pre-sales, consulting and software development in the Identity and Cyber Security space Vinny has helped many clients across various industries and regions to design and deploy Zero Trust solutions that meet their specific needs and challenges.
--------------------
swIDch will continue its quest to innovate and pioneer next-generation authentication solutions. To stay up-to-date with the latest trends sign up to our newsletter and check out our latest solutions.
