Tuesday, November 10, 2020

The development of e-KYC production use cases in Southeast Asia

You may have come across the term e-KYC in the news lately. By removing paper-based procedures, e-KYC (electronic know your customer) can help enhance the entire identity authentication process, which reduces costs and time spent on customer identity authentication while complying to the due diligence. 

Unbanked customers can open new accounts, make a payment, apply for loans digitally or even invest in a financial instrument with just a few clicks on their smartphones and online self-service verification. This enhances the customer experience journey for a digitally savvy consumer based. 

Verifying customers by using paper-based identification and photo ID cards has its drawbacks. Identity verification by human eyeballing is time-consuming as it requires humans to manually read through the documents and verify pictures against identification documents, just imagine how many applications that need verification in a day!

In contrast, eKYC solutions that authenticate customers by using advanced technology such as Artificial Intelligence and machine learning simplifies the identity verification process. The identity verification process only takes a minute or so, making the entire process real-time to customer outreach. 

Southeast Asia surges towards e-KYC

As financial institutions aim to grow their customer bases while preventing fraud, many companies in the Southeast Asian region have also made announcements related to biometrics programmes, deals, as well as awards for technology supporting financial services.

Countries with large populations like Indonesia and the Philippines, are huge archipelagic countries. The strategic location makes financial services conventionally only in urbanized areas. Integrating eKYC solutions makes it more cost effective to drive a financial inclusion agenda, with the simplifying business process and avoiding security risks.

Since the global pandemic COVID-19 outbreak, many businesses realize the fact that physical outreach may not be a suitable permanent solution for customer acquisition, as the pandemic has brought fear to contact-based biometrics systems, such as fingerprint scanners. 

BFSI industry moves towards digital experiences

When talking about digital customer onboarding progress in Malaysia, you may have come across this international remittance, Valyou that offers a fully digital onboarding experience. Valyou is licensed by the Central Bank of Malaysia under the Money Services Business (MSB). With the eKYC solution implemented in their apps, it enables foreign worker communities to create their account without having to go through face to face counter service.

In traditional ways, those who work in remotely located estates or plantations would have to go through about an hour or so to travel to the nearest town.  Not only will it increase customer’s acquisition and retention, but it also drives a seamless customer journey. Ultimately, a more cost-effective remittance fee made possible by advanced technology. 

The booming of digital banks in Southeast Asia has created a new trend with massive breakthroughs in the field. In response, traditional banks in the region are expected to use advanced technology, in this case, biometric eKYC to identify and authenticate their customers to boost efficiency in business processes and eventually, to survive in the fierce competition and changing market. This is to fuel the growth of the digital economy in those countries. A rising number of Southeast Asian countries have either adopted e-KYC or come up with policies to encourage its use.

Telecommunications jumps on board

True to its name, the telecommunications industry also implemented eKYC solutions to enhance their customer journey. Few giant telco companies like Yoodo, powered by Celcom have gone to a fully digital operating business. Sim card registration is made easy with their customer self service app that uses eKYC, which operates 24/7 while complying to registration rules regulated by Malaysian Communications and Multimedia Commission. 

The implementation of e-KYC technologies in a fast-moving environment not only makes things easier for customers but also enhances the productivity and competitiveness of enterprises. A mobile-first strategy means that consumers can conveniently do what they need to do on their own time and terms as people gradually turn to their smartphones to get things done.

The drive of digital payment gateway such as e-wallet

Payment patterns in 2020 appear to push the market in a far more consumer-centered direction, which focuses on how payment can be made as simple and convenient as possible. The true power of digital payments via e-wallets can be unleashed by enabling a society that is highly connected.

In the recent lockdown series in Malaysia, the Malaysian government initiated an economic recovery stimulus plan, which gives a certain amount of money that can be used through the selected e-wallet partners. EMAS eKYC ID verification technology was a part of this ecosystem that enabled e-wallet to verify customers' identities in real-time to help distribute the stimulus package. 

Connectivity and sandboxes in Asia

High mobile penetration in the region encourages the adoption of services such as e-commerce and ride-hailing among consumers. This, in turn, brings about an opportunity to provide embedded financial services. Regulatory policies around the region are also becoming more transparent, with governments promoting digital financial services growth. In reality, the most significant swing factor in the growth of digital financial services across the region would be supportive and clear legislation and government policies.

Consider the regulatory sandbox of Singapore and Thailand, which enables businesses to evaluate technologies under the oversight of regulators in a regulated environment. To improve the efficiency of financial services, Singapore and Thailand have developed standardized QR codes for mobile payments. Indonesia has put in place a National Inclusive Finance Policy aimed at improving the economy by broadening the demand for banking services. Similar objectives were declared by Vietnam.


Wednesday, November 4, 2020

Why is Google changing to phone notification as the default option for 2-step sign-in?


Source: freepik (senivpetro)


We live in a world with advanced security mechanisms such as biometric authentication. However, an important part of staying secure online is the use of something that’s probably been around for much longer; 2-step verification.   

Many services provide 2-step verification and (where appropriate) you can consider using it. It may be seen as troublesome due to the extra steps involved and this is one of the things that stops people from enabling 2-step verification. However, Google makes it simple with "Google Prompt".

In essence, the new "Prompt" simply sends a text alert to your mobile instead of delivering a code asking if you are trying to sign in. You confirm, and that's basically it. It signs you in instantly with the touch of a button. And, on top of that, it is available for both Android and iOS.

What this means is, after you insert your email address and password, you can secure your Google account with an extra login confirmation with a click. Alternatively,  it is possible to perform 2-Step Verification (2SV) through an SMS, Google Prompt, an authenticator app, or a security key.




Google Prompt

Google Prompt has been there for a few years and for users who allow 2-step verification, it's the primary option. Prompt is more reliable than SMS because, rather than a phone number, it is linked to your Google account.

It had to be switched on for each specific computer or smartphone on your account when Prompt was first introduced. Google later added a feature to utilize Prompt on any phone you sign on in 2018, which is convenient for anyone with a limited set at home. Today, it looks like it will be the default action.

Once you insert your Google login credentials on a site, Google Prompt will request a "yes" or "no" answer on your phone. It's simple and quick. Tap "yes" on your computer and proceed if you have just attempted to login somewhere. Or else, tap "no."


Devices available

On both Android and OS computers, Google Prompt works. On Android, you link your Google Account on the smartphone: Settings > Accounts > Add account > Google. You install the Google app on your iPhone or iPad, login to your Google account, and activate push notifications: Settings > Google > Notifications > Allow notifications.

Either way, to receive the "yes / no" prompt, you'll need a network link —just as you would with a Text message. In this day and age, having two-factor authentication allowed on all your online accounts, or as Google describes it 2-Step Verification (2SV), is remarkably important. The majority of services rely on SMS, but because of the possibility of hacking, that is highly insecure.


G Suite users

The new default authentication setting will apply only to people who have allowed 2-step verification. In the case of users of G Suite, if an entity has implemented the 2-step authentication option 'Only security key' for a user, there will be no improvement and the user will continue to be allowed to use security keys.

If you're a G Suite administrator, conduct a 2-step verification report to see the accounts are enrolled — or not enrolled —. Log in to https:/admin.google.com to see this article, go to Reports > Protection > and pick 'Register for 2-Step Verification' from the menu. (And if you are a G Suite administrator and have not yet implemented 2SV, for more information on setting up 2-Step Verification for your domain, see the G Suite support section.)


Alternative methods

Of course, all past Google 2-step verification techniques remain available. This involves the use of an app, a security key, SMS, and also backup codes (like Google Authenticator).

Backup codes should be created by almost any individual who uses 2-step verification. Backup codes are designed for one-time use: you can't use them again until you use one to log in. When you trigger 2-step authentication, print out your backup codes and save them safely for use in an emergency.

2SV can also be supported by a mobile app like Google Authenticator, Microsoft Authenticator, or Authy. The app generates a 6-digit sequence until linked to an account that you enter as the second stage in your authentication process (after your username and password). But in comparison to Google Prompt and SMS, which need network access, when your computer is out of coverage, these authentication apps generate 6-digit codes. These apps also function with most other sites, such as Salesforce, Dropbox, GitHub and many more, that offer 2-step authentication.


Security key

You may authenticate it with a security key, such as a Yubikey, for even greater safety. A security key adds an extra piece of technology to the method of authentication. It also defends against phishing-related attacks, as well.


Monday, October 5, 2020

Why Low-code Development Matters?

Developers were afraid when the low-code platform market first started to expand. They worried that their work would be replaced by low-code platforms and had concerns that they were not fit to perform mission-critical tasks. However, in reality, most low-code platforms are very reliable with regard to helping developers respond quickly and in helping them be more agile.

Here are a few reasons why low-code development has become even more relevant and may even reach far beyond mobile.

Picture source: Pexels


Offering simplicity and convenience

Leading transformational initiatives is important given today's business environment climate. Nevertheless, IT teams are spread thin. They handle dynamic IT environments while serving business lines, developers, security and, more and more, remote employees.

That's where creation with low-code will benefit. Using a drag-and-drop interface to organise data and logic elements, a low-code framework helps corporate users to be citizen developers and easily build custom applications, according to one's requirement and departmental system . It lets them get the knowledge they need quickly to solve business challenges and innovate to better satisfy consumer needs. At the same time, development teams can concentrate on more nuanced strategies for change that involve their specific skill sets.


Speed to market

In the past, it was difficult just to find a software engineer. For start-up founders and business teams alike, IT-related skills shortages have remained an issue because they simply lack a supply of healthy, available engineering talent. Low-code/no-code solutions circumvent this issue by letting anyone create his or her own MVP, regardless of technical competence.

Building your own product (as opposed to outsourcing it) can yield so many advantages. Owners know specifically how the brand works from start to finish. Leaders are now self-sufficient as they can now make improvements on their own instead of having to frame their dilemma in terms of laymen and outsource it to their developer team to fix bugs. These improved processes not only de-risk products but also potentially allow the total number of goods being produced to rise exponentially.


Empowering remote work efforts

Ever since the chaotic disruption of COVID-19, forced work-at-home efforts are on the rise, and Information Technology teams have been cast down a steep learning curve that entails communication initiatives, digital security, and a million other facets to keep things running. There's immense pressure on everyone across the board, and the end-users are ultimately the ones that could suffer.

Fortunately, the demand for low-code/no-code solutions is on the rise. 

In the start-up and disruptive technology industries, low-code/no-code strategies are particularly common, promoting individuals with little to no coding expertise to be able to develop the applications they want at the time it is required.

Business agility has likely never been more critical than it is now. A global transition to remote work has impacted resource availability.

Low-code acceleration of project execution helps enterprises to solve problems efficiently in a modern operating environment. For example, it offers tools for creating stopgap solutions for efficient resource planning, remote team management, and task tracking.

Another reason to think about agility is full-stack as well as cross-platform app growth. Low-code helps build numerous applications, like multi-device apps. As a result, enterprises are motivated to implement new digital strategies. These strategies can impact digital customer onboarding and so much more. 


In-line with other powerful tools

For brilliant application services, you may be equipped with brilliant ideas, but you will need to execute them stunningly quick and with the right consistency. It can only get you so far if you have to rely on classic software delivery focused on manual labour, complicated programming languages and months of preparation. Constructing software without tremendous feats of coding is now simpler than it previously was. The secret lies in powerful AI-enabled tools that allow full use of API catalogues, pre-built templates, and automation.


Improving development efficiency

For development teams forced to turn around sprints and tasks at lightning speed, low-code platforms are extremely useful. Although hand-coding still has its place, low-code solutions improve efficiency by automating both simple and complex tasks, helping dev teams to work faster and smarter. Both development, as well as business teams, benefit particularly from low-code platforms because they are more cost-effective and place a lighter operating workload on development and IT teams since suppliers manage hosting and maintenance, even alleviating the burden of IT backlogs.

The speed of release is quickening. All businesses face the need, across the board, to automate their internal operations. Companies, among other things, require workflow automation for form creation, data retrieval and usable apps powered by databases. With the focus on quick, continuous-release techniques, the advent of next-gen low-code tools runs parallel. New UX layers that cater to citizen developers enable more players to accept DevOps within an enterprise and allow faster deployments.


Thursday, September 24, 2020

Why Were You Asked to Capture a Selfie Photo When Doing Online ID Verification?

With the current COVID-19 global pandemic crisis and the progress of digital adoption initiatives around the globe, businesses are feeling the brunt of the force. This is in line with a barrage of new practices moving forward. In line with the rise of facets of the new norm, low-touch and physical distancing practices, online ID verification technology is being used more frequently. 

In fact, capabilities for digital verification (including those related to the recognition of faces) are being relied on as companies, retailers, service providers, and brands seek to bring convenience, safety and speed to their online processes and transactions. 

With that being said, there may be some people who still wonder about the significance of capturing their selfies and identity cards when signing up to a digital platform. Is it safe to share selfies online?


Photo source: pexels


There are two main methods of facial ID capturing

For the most part, facial verification standards often require users to submit a selfie of themselves as part and parcel of the ID verification process. There are two frequently used methods for this. The first method is to upload a photo of a selfie, and the second method is to upload a photo of yourself holding your identity document. 

For manual verification process through eyeballing, the second method is the recommended implementation option because it is much more unlikely that hackers can find a victim's portrait photo in this pose readily available from social media profiles or other internet sources. On the other hand, the first method (capturing a selfie from a live camera) is a good option too when the facial verification process is automated with technology. Often, the facial sighting automation would require liveness detection capability to be built as part of the automation, either through the approach of:

i. active liveness detection (require subject to explicitly follow through some prompts such as face feature movements), or
ii. passive (without requiring any explicit movement).

Essentially, the purpose of capturing a customer’s selfie during self-service registration is to:

1. Prevent identity fraud/theft, such as misuse of someone else’s ID
2. Capture user’s consent
3. Enhance user’s account security
4. An added layer of security

Monday, September 21, 2020

Banks Should Turn to Using AI in eKYC in the Digital Arms Race

This article first appeared in Fintech News Malaysia, authored by Vincent Fong. 


There’s an old joke on how on the internet nobody knows that you’re a dog, which speaks to how the internet has become synonymous with anonymity. While anonymity is fine in many instances, in an increasingly digital world it has become crucial that you are who you say you are.

Nowhere is this more critical than in the financial services space, where banks are required to ensure that your funds are lawfully gained and are not channeled to some nefarious activity. For the longest time banks in Malaysia required you to show up in the branch physically to conduct a face to face KYC.

All that has changed, when in June 2020, Bank Negara Malaysia released its much-anticipated guidelines for eKYC in Malaysia. The policy document was created in recognition of the importance of digital identity as an enabler for user convenience and cost efficiency for financial institutions.  As such, the framework included guidelines for the use of AI and machine learning in identification and verification. AI is viewed by the regulator as a tool for “reducing human intervention”. 

Click here to continue reading the full article

Thursday, September 17, 2020

What Took Place When You Were Submitting an Online Form, Even When You Couldn't See It?

Ever wonder what happens when you submit an online application or fill out a form over the internet and hit the send button? These days, almost every inquiry, registration and submission can be processed digitally. eCommerce sites, service platforms and mobile apps incorporate online submissions in one way or another whether as a part of digital customer onboarding, customer support or troubleshooting. From a developer's standpoint, there are various methods, tactics and approaches when building form submission funnels, but there are certain key elements to consider.


Source: Pexels


Essentially, the purpose of online forms is to collect specific data about a website visitor such as for processing as part of a service subscription or for a college application among other things. 

In most cases, you'll probably find a relatively simple contact form containing fields for the kinds of details to be filled in (such as name, email address and phone number). Once you click submit, the next thing that happens is invisible to you as the applicant. Although you may not see it, there is an infrastructure in place to ensure that your data gets to where it's supposed to.


Data is Stored in a Submissions Storage

These days, many websites use an external service or system that helps to store all the data that's extracted from submitted forms. Form submissions might often contain the private information of website visitors or rather, potential clients, so the utmost priority for these service providers is ensuring that data is safely transferred and stored for later use by the respective site. Private data should not end up being published on the front end of sites for others to see and, for the most part, all authentic sources abide by this rule. Most sites will state this in some shape or form in their terms and conditions - so it would be a good idea to read through their sections. Numerous established form submission services help sites to securely store data. Security is likely to be a prominent value proposition for all of them.

Data collection systems are extremely crucial for many businesses online and are central to the customer onboarding process in most cases. Data collection systems help teams collect a standard set of information and allow companies to keep control and consistency as they collect data from their sites. These systems also help to organize the constant stream of data that pours in. This is why so many sites incorporate data collection systems, which are directly connected to the forms that visitors fill. Security and privacy are big parts of these systems, and many of the available third party data collection providers out there strive to accommodate businesses and consumers alike.

Monday, August 10, 2020

What is Digital Signing and How Does it Benefit Businesses?

The rise of the digital signature has revolutionized finance, and real estate sectors, as well as commercial and industrial enterprises. This is likely to be happening even more now that contactless transactions, social distancing and digital adoption are all traits of the new norm amid COVID-19. 

Digital signatures are ways to verify your identity on an electronic file (like a sales contract). They work with encryption technology, so you're the only person that can use any electronic file to access your unique encryption. Using tech for digital signatures can be part of system modernization and a larger, overall digital strategy. Some have adopted the technology while others remain skeptical. Either way, digital signatures have measurable benefits, like most technological advances, as well as associated costs and risks.



Electronic signatures (e-signatures) and digital signatures are not the same

e-signatures are notoriously susceptible to fraud because they are essentially just electronic symbols, processes or sounds attached to documents to represent a form of assent or agreement. A digital image of a handwritten signature can easily be captured on a smartphone or tablet before being pasted back into a document. Without any encrypted authentication process to reinforce security, e-signatures aren't able to determine the identity of a human operator who last used the signature.

On the other hand, digital signatures are reinforced with higher levels of security and advanced technology to assure optimal safety for documents. They are often built on Public Key Infrastructure (PKI), which is used to generate unique "digital fingerprints" through mathematical algorithms. These digital fingerprints are then safely embedded in the documents, and signers will have to perform 2-Factor Authentication measures to confirm legitimate identities.

What's more, the digital IDs of each legitimate signer can only be issued by an accredited CA (authorised bodies empowered by the government to issue digital IDs for evaluated individuals). In essence, each signer is legally permitted to use these generated signatures. 

Prioritizing authenticity

Digital signing is generally made up of a simple process. Users simply upload their documents and take simple steps to set up the necessary signatures. An automated process prompts the signatories via a mobile app or email, which leads to the creation of a highly secure and convenient digital signature on the respective document.