Pain points

The surge in digital financial services, including online transactions and open banking, has increased user convenience. However, it has also led to the evolution of financial fraud, including phishing (smishing and voice phishing), card misuse, bank account theft, and personal information theft. We've seen significant financial losses due to ID leaks and lost smartphones, both in the UK and internationally. Despite many financial service firms implementing multi-factor authentication (MFA) services like mobile OTP, mobile phone identity authentication, and biometric authentication, preventing sophisticated financial fraud crimes upfront remains a challenge.

IT_twi001t3276058 4MP

Extensive financial damage from the escalating phishing scams

Numerous cases involve accounts being hijacked for illegal financial transactions, unauthorised payments, or mobile payments. Criminals install remote control apps to steal account numbers and passwords, exposing fixed passwords in mobile financial environments to hacking and phishing risks. These incidents incur substantial response costs for financial institutions. In the U.S., 75% of all fraud losses are attributed to consumer phishing, with associated expenses for response activities, investigations, and recovery reaching $4.23 for every $1 lost. 

Growing consumer dissatisfaction with MFA inconvenience

Enhanced security measures, such as additional authentication procedures (separate OTP authentication, ARS, and terminal designation service) for substantial transactions or logins from multiple devices, necessitate direct entry of authentication codes. Delays or non-receipt of authentication codes require users to go through cumbersome processes like contacting customer service, particularly when authentication services like SMS and ARS are inaccessible in off-network environments.

 

Challenges in responding to post-financial fraud recovery

Recovering from financial fraud involves varying responses across industries, including finance, telecommunications, and e-commerce. Each case requires investigation and legal interpretation of the cause, scale of damage, liability for compensation, etc. Responding solely to damage recovery limitations hinders receiving full compensation for the incurred losses. Despite national and industrial-level policy preparations, completely preventing increasingly sophisticated financial fraud remains elusive.

 

Solutions

swIDch’s TAP OTAC proactively prevents financial fraud, such as phishing, by isolating media from cyber attacks. The OTAC module, generating a financial payment authentication code, is embedded into the payment card's IC chip and financial app as an applet and software development kit (SDK). Authentication is effortlessly performed by lightly tapping the payment card on the back of a smartphone with a financial app installed. Utilising a dynamic code newly generated each time ensures a robust yet simple authentication process, significantly enhancing user convenience. Additionally, it is compatible with any mobile device's operating system (OS) and facilitates authentication without a separate cellular network.

 

 

Blocking the sniffing risk fundamentally

The card, embedding the OTAC applet, generates the initial OTAC via smartphone near field communication (NFC). As the primary code from the card produces a secondary OTAC through linkage with the app, there is no risk of hacking by stealing the seed value in memory or any potential sniffing risks within the NFC section.

 

swIDch card tapping mobile OTP

Prevention of user theft

swIDch's TAP OTAC authenticates users by tapping a card embedded with the OTAC applet to a mobile device. This thwarts hackers who have stolen personal information from issuing new mobile OTPs or using financial services like large-sum transfers. Crucially, flawless user identification and authentication are possible without any chance of code duplication with other users.

Card tapping mOTP_4

User friendly UX

TAP OTAC, linked to a payment card for cash withdrawal and payment, enables secure and easy use of financial services requiring two-factor authentication (2FA) by simply tapping the card on the back of a smartphone. Users benefit from the convenience of not needing a separate device solely for 2FA.

OTP v1-1
Toss Bank

 

> Read our Toss Bank case study 

Benefits

swDIch's TAP OTAC provides payment cards with a robust user authentication function using a unique identification key. This not only increases cardholder usage frequency but also reduces the cost of issuing physical OTPs. It can utilise the NFC function to evolve into an all-in-one card encompassing payment card, access control, and identification functions.

Card tapping mOTP_5

Boosting customer loyalty

Globally, 2.8 billion credit cards are in use as of 2021. Americans average four credit cards, while EU residents possess between 0.8 to 3.9 mobile cards. By adding the OTP function to the payment card, swIDch increases card usage frequency. Given that most consumers mainly use one or two cards, this naturally leads to heightened customer loyalty.

Proactive financial fraud prevention with a zero-trust approach

As the landscape of digital finance expands, there is a concurrent increase in various forms of financial fraud, including voice phishing and SIM swapping. In the United States, a study indicates that 75% of financial fraud losses reported by lenders stem from consumer phishing, notably Authorised Push Payment (APP) scams. In a more proactive approach, the UK's top 14 banking groups have refunded up to 91% of APP losses. swIDch's TAP OTAC is positioned as a preventive measure against financial phishing incidents. Its distinctive feature, requiring a card tapping process for additional financial services, proves advantageous even in situations where user information is compromised or the smartphone is lost.

Expansion beyond payment 

OTAC embedded cards can serve as a means of diverse authentication beyond payment. Logging into critical sites, such as internet banking, can involve generating a one-time QR code with a simple tap on the back of a smartphone. The same card can grant access to the office or restricted areas via tapping on digital door locks. Businesses can leverage this innovative card by integrating corporate payment cards, access control devices, and employee IDs into one card. The associated manufacturing costs related to contactless payment functions can naturally alleviate through additional applications beyond payment.

Card tapping mOTP_3

Contact us today

Why swIDch

OTAC, developed by swIDch, is the original technology
that provides all of the following features, tested and substantiated
by the University of Surrey technical report
Why swIDch
DYNAMIC CODE that is
sufficient to IDENTIFY user
Single-step IDENTIFICATION
and AUTHENTICATION
Uni-directional authentication in
off-the-network environment

Single-step identification and authentication with the code alone. Include our biometric option and get single-step MFA. Vastly improved UX by removing steps.

OTAC is a dynamic code, which means the code is constantly changing. Eliminates all use of static information. Forget usernames and passwords forever. Vastly reduced workload for IT helpdesks. 

No network connection required for generating OTAC, enabling uninterrupted use no matter where you are. No more waiting for additional tokens/OTPs and no need for heavy public key infrastructure (PKI). 

 

Highly configurable code parameters and lightweight SDK/applet means wide range of deployment options on many devices across multiple sectors.  

Learn More

'One-time-authentication-code' technical report by University of Surrey Get in touch

Related Topics

How to make complex authentication processes in payment simpler, more efficient and secure.
Payment card fraud costs the global economy approximately $27.85 billion in a single year, and this is projected to rise to $40.63 billion by 2027, according to The Nilson Report. In addition, information theft incidents continue to occur in the secure digital authentication process, such as a short message service (SMS) for one-time passwords, (OTP) for bank account transfers, and PINs for identity authentication.
Read More
Global expansion of card tapping mobile OTP for security and convenience is imminent
If you transfer large sum remittance at once or request sensitive financial information, most global banks ask you either to input mobile one-time passwords (OTPs) generated by mobile banking app, to provide your biometric information via your smartphone, or to type registered PIN codes in order to verify your identity.
Read More
Can convenience and security coexist in digital payment?
The quick and easy way we pay online is the most fundamental agenda of digital transformation accelerated by the pandemic. We live in a world where you can pay for items in your shopping cart with a single click of a purchase button, or transfer money by scanning a QR code without an additional payment process. But, are you sure that your payments are managed safely enough?
Read More