Kakao Bank launched a Self-camera (selfie) one-time password (OTP) service in December 2022, which allows users to authenticate themselves by simply taking a selfie without the need for a physical OTP device. Kakao Bank has enhanced security using a method that involves capturing a real-time image of the customer's face rather than simply inputting numbers while increasing convenience for customers by allowing high-value transfers without a physical OTP device. swIDch's OTAC-based mOTP, applied to Kakao Bank's selfie OTP, provides security and convenience at the same time by generating and authenticating a dynamic code that never overlaps using unique values corresponding to its user's face for the first time in Korea.
OTP authentication is essential for high-value transfers exceeding KRW 10 million in most banks, including Kakao Bank. For this reason, it is necessary to issue a physical OTP in the form of a card or token, or a mobile OTP in which a PIN number is entered. However, physical OTP has a complicated issuance process and mobile OTP using PIN numbers has its own inherent vulnerabilities. In addition, while mobile OTP is convenient as it only requires a user’s smartphone, they must remember the PIN number and endure the inconvenience of having to enter it themselves, similar to the card-type OTP.
As a result, Kakao Bank decided to prioritise customer user experience by allowing high-value transfers without requiring a physical OTP, while also enhancing security through a method that involves taking a photo of the customer's face instead of simply entering a code. Kakao Bank's Selfie OTP is issued by having customers register a selfie photo, which is then compared to a government-issued ID photo to confirm the customer's identity. After initial use, future authentication happens by comparing the customer's registered selfie photo to a real-time selfie photo for identity verification, thus innovatively overcoming the inconvenience of having to remember usernames and passwords every time.
Kakao Bank focused on implementing a mobile OTP technology that utilizes facial recognition information, which can provide both enhanced security and convenience, surpassing the limitations of the existing mobile OTP.
The OTAC-based mOTP applied to Kakao Bank's selfie authentication is a mobile OTP that can be easily used for services requiring strong authentication. It first verifies the user's authentication information, such as a registered PIN or biometric information, before generating the OTP and using it as a linked value for encryption to enhance security. In addition, the technology generates an OTP linked to financial transaction information such as the recipient's name/account number and transfer amount for authentication, which can more safely respond to memory hacking or man-in-the-middle attacks (MITM).
Most importantly, the OTAC-based mOTP boasts unique technological capabilities by using the unique information corresponding to the facial biometric information as one of the seed values for generating the mobile OTP when the facial comparison is successful.
Technology comparison / Smart OTP / Mobile OTP / Card-tagging Mobile OTP
Unique user identification (1st level authentication available) / 0% possibility of code duplication with other users / Compatibility with iPhone / Skip additional information input steps (e.g. PIN)
swIDch's OTAC-based mOTP not only enhances security, which is the core of financial services, but also provides the fastest and most convenient authentication service in the most evolved form of technology that generates mobile OTP using facial recognition information for the first time in Korea. The existing OTPs were only used for 2-factor authentication purposes after ID & password or biometric login. On the other hand, OTAC allows for unique user identification and eliminates the possibility of code duplication with other users, enabling unrestricted access to financial services with just a single authentication. In addition, during the process of using financial services, it is possible to perform both initial authentication and second authentication for high-value transfers and transactions in one go.
Efforts to enhance security while ensuring convenience in financial transactions have been ongoing. Especially for Kakao Bank, which has a higher percentage of young users who are familiar with smart devices, it is essential to use trendy technology that can secure convenience for users and expand demand, more than traditional banks.
The combination of facial recognition biometric information, known as the safest unique identifier, and authentication allows financial institutions to increase operational efficiency and reduce costs associated with issuing OTP-specific cards. In addition, this approach is easier, faster, more accurate, safer, and more convenient compared to existing authentication, identification, and access methods offered by passwords, keys, codes, and cards.
that provides all of the following features, tested and substantiated
by the University of Surrey technical report
sufficient to IDENTIFY user