Does Smart OTP help reduce high-tech crime in banking?
Smart OTP (One Time Password) is born right on the customer’s phone and is encrypted with a complex multi-layer security system that is difficult to intervene in.
Hanoi (VNA) – Smart OTP (One Time Password) is born right on the customer’s phone and is encrypted with a complex multi-layer security system that is difficult to intervene in.
In July, the Bank for Investment and Development of Vietnam (BIDV) together with the Joint Stock Commercial Bank for Foreign Trade of Vietnam (Vietcombank), the Bank for Industry and Trade (VietinBank) and many other banks officially announced the application of a new transaction authentication method called Smart OTP, applied to transactions to transfer money to other holders’ accounts (for corporate customers) and money transfer transactions to other holders’ accounts which amount to over 100 million VND (4,300 USD) per day (for individual customers).
So, what is Smart OTP and why is it being implemented massively in the Vietnamese banking system?
Over the past time, although banks have repeatedly advised customers not to provide personal or confidential information such as ATM card PIN numbers, access codes, OTP codes, and Internet Banking passwords for others to avoid being scammed. However, in fact, hi-tech criminals continuously use many sophisticated tricks to force users to provide OTP codes (sent via their SMS or email), so the risk of users losing money remains.
This affects customers’ confidence in the banking system as well as the process of “promoting non-cash payment” that has actively been deployed by the Government, ministries, agencies, and the whole banking system in recent years. This is an urgent issue in improving the safety of online transactions, especially high-value ones.
The State Bank of Vietnam’s Decision 630 on “The plan to apply security solutions in online and bank card payment”, applied from July 1, 2019, has officially facilitated the massive deployment of Smart OTP over the past time.
Smart OTP is software installed on mobile devices, allowing users to actively obtain OTP authentication codes. Smart OTP fixes the disadvantages of the authentication methods via existing SMS OTP and Token OTP, minimizing malefactors taking advantage of security vulnerabilities to hack customer accounts.
According to banking technology experts, SMS OTP is sent through many intermediaries and telecom service providers, leading to loss. For example, when a customer’s phone is installed with SMS-reading software, the OTP code sent to the registered phone will be automatically transferred to another phone number without the customer’s recognition. More simply, customers may be appropriate SIM card use rights. SMS OTP is also dependent on the security of telecom service providers, requiring customers to roaming when traveling abroad…
And Token Key is a removable device with a compact design like an USB so it is easy to be stolen or lost by a crook. Several Token Keys have a simple design that makes it very easy for OTP codes to be stolen, while some others have a more modern design that can make users feel uncomfortable to carry.
Meanwhile, Smart OTP is an application that provides OTP codes, so customers will take them proactively when they need electronic transactions. Smart OTP is born right on the customer’s phone and is encrypted with a complex multi-layer protection system that is difficult to intervene in.
Mobile devices with Smart OTP also do not require internet or telecom network connection after activation (Smart OTP does not need SIM card and telecom network connection, so roaming is not compulsory when making transactions overseas). However, Smart OTP can also pose risks to customers who have their phones to be cracked or arbitrarily install malicious software of unknown origin.
After Smart OTP, what will be?
After deploying Smart OTP, it is expected that this August, BIDV will deploy the Soft OTP authentication method on the BIDV SmartBanking application. Soft OTP is a secure method, especially for high-value transactions, as it is protected by three-layer security technology when customers transact online.
Accordingly, the transaction authentication code will be provided to customers by BIDV right on the SmartBanking application, with all transaction steps done on the banking app, thereby increasing customer experience and satisfaction. It will make it more convenient for customers when making transactions as they do not need to install the Smart OTP app on mobile devices and act simultaneously on the two banking and Smart OTP apps when making money transfers.
In addition, to increase security and experiences for users, BIDV and other banks have constantly added new online authentication methods to increase utilities to meet the demand of different types of customers. Typically, biometric authentication technology via fingerprint or face recognition has been implemented on the BIDV SmartBanking app since 2017.
The era of technology and artificial intelligence is opening up opportunities for banks to innovate the way they provide financial services for customers, increasing the user’s experience in a diverse service ecosystem. In the process, banks also need to increase and consolidate their protection layers, ensuring safety and security not only in transaction data but also in customer information.
For customers, it is necessary for them to comply with the recommendations on transaction security and choose reputable banks./.