Tuesday, November 10, 2020

The development of e-KYC production use cases in Southeast Asia

You may have come across the term e-KYC in the news lately. By removing paper-based procedures, e-KYC (electronic know your customer) can help enhance the entire identity authentication process, which reduces costs and time spent on customer identity authentication while complying to the due diligence. 

Unbanked customers can open new accounts, make a payment, apply for loans digitally or even invest in a financial instrument with just a few clicks on their smartphones and online self-service verification. This enhances the customer experience journey for a digitally savvy consumer based. 

Verifying customers by using paper-based identification and photo ID cards has its drawbacks. Identity verification by human eyeballing is time-consuming as it requires humans to manually read through the documents and verify pictures against identification documents, just imagine how many applications that need verification in a day!

In contrast, eKYC solutions that authenticate customers by using advanced technology such as Artificial Intelligence and machine learning simplifies the identity verification process. The identity verification process only takes a minute or so, making the entire process real-time to customer outreach. 

Southeast Asia surges towards e-KYC

As financial institutions aim to grow their customer bases while preventing fraud, many companies in the Southeast Asian region have also made announcements related to biometrics programmes, deals, as well as awards for technology supporting financial services.

Countries with large populations like Indonesia and the Philippines, are huge archipelagic countries. The strategic location makes financial services conventionally only in urbanized areas. Integrating eKYC solutions makes it more cost effective to drive a financial inclusion agenda, with the simplifying business process and avoiding security risks.

Since the global pandemic COVID-19 outbreak, many businesses realize the fact that physical outreach may not be a suitable permanent solution for customer acquisition, as the pandemic has brought fear to contact-based biometrics systems, such as fingerprint scanners. 

BFSI industry moves towards digital experiences

When talking about digital customer onboarding progress in Malaysia, you may have come across this international remittance, Valyou that offers a fully digital onboarding experience. Valyou is licensed by the Central Bank of Malaysia under the Money Services Business (MSB). With the eKYC solution implemented in their apps, it enables foreign worker communities to create their account without having to go through face to face counter service.

In traditional ways, those who work in remotely located estates or plantations would have to go through about an hour or so to travel to the nearest town.  Not only will it increase customer’s acquisition and retention, but it also drives a seamless customer journey. Ultimately, a more cost-effective remittance fee made possible by advanced technology. 

The booming of digital banks in Southeast Asia has created a new trend with massive breakthroughs in the field. In response, traditional banks in the region are expected to use advanced technology, in this case, biometric eKYC to identify and authenticate their customers to boost efficiency in business processes and eventually, to survive in the fierce competition and changing market. This is to fuel the growth of the digital economy in those countries. A rising number of Southeast Asian countries have either adopted e-KYC or come up with policies to encourage its use.

Telecommunications jumps on board

True to its name, the telecommunications industry also implemented eKYC solutions to enhance their customer journey. Few giant telco companies like Yoodo, powered by Celcom have gone to a fully digital operating business. Sim card registration is made easy with their customer self service app that uses eKYC, which operates 24/7 while complying to registration rules regulated by Malaysian Communications and Multimedia Commission. 

The implementation of e-KYC technologies in a fast-moving environment not only makes things easier for customers but also enhances the productivity and competitiveness of enterprises. A mobile-first strategy means that consumers can conveniently do what they need to do on their own time and terms as people gradually turn to their smartphones to get things done.

The drive of digital payment gateway such as e-wallet

Payment patterns in 2020 appear to push the market in a far more consumer-centered direction, which focuses on how payment can be made as simple and convenient as possible. The true power of digital payments via e-wallets can be unleashed by enabling a society that is highly connected.

In the recent lockdown series in Malaysia, the Malaysian government initiated an economic recovery stimulus plan, which gives a certain amount of money that can be used through the selected e-wallet partners. EMAS eKYC ID verification technology was a part of this ecosystem that enabled e-wallet to verify customers' identities in real-time to help distribute the stimulus package. 

Connectivity and sandboxes in Asia

High mobile penetration in the region encourages the adoption of services such as e-commerce and ride-hailing among consumers. This, in turn, brings about an opportunity to provide embedded financial services. Regulatory policies around the region are also becoming more transparent, with governments promoting digital financial services growth. In reality, the most significant swing factor in the growth of digital financial services across the region would be supportive and clear legislation and government policies.

Consider the regulatory sandbox of Singapore and Thailand, which enables businesses to evaluate technologies under the oversight of regulators in a regulated environment. To improve the efficiency of financial services, Singapore and Thailand have developed standardized QR codes for mobile payments. Indonesia has put in place a National Inclusive Finance Policy aimed at improving the economy by broadening the demand for banking services. Similar objectives were declared by Vietnam.

Wednesday, November 4, 2020

Why is Google changing to phone notification as the default option for 2-step sign-in?

Source: freepik (senivpetro)

We live in a world with advanced security mechanisms such as biometric authentication. However, an important part of staying secure online is the use of something that’s probably been around for much longer; 2-step verification.   

Many services provide 2-step verification and (where appropriate) you can consider using it. It may be seen as troublesome due to the extra steps involved and this is one of the things that stops people from enabling 2-step verification. However, Google makes it simple with "Google Prompt".

In essence, the new "Prompt" simply sends a text alert to your mobile instead of delivering a code asking if you are trying to sign in. You confirm, and that's basically it. It signs you in instantly with the touch of a button. And, on top of that, it is available for both Android and iOS.

What this means is, after you insert your email address and password, you can secure your Google account with an extra login confirmation with a click. Alternatively,  it is possible to perform 2-Step Verification (2SV) through an SMS, Google Prompt, an authenticator app, or a security key.

Google Prompt

Google Prompt has been there for a few years and for users who allow 2-step verification, it's the primary option. Prompt is more reliable than SMS because, rather than a phone number, it is linked to your Google account.

It had to be switched on for each specific computer or smartphone on your account when Prompt was first introduced. Google later added a feature to utilize Prompt on any phone you sign on in 2018, which is convenient for anyone with a limited set at home. Today, it looks like it will be the default action.

Once you insert your Google login credentials on a site, Google Prompt will request a "yes" or "no" answer on your phone. It's simple and quick. Tap "yes" on your computer and proceed if you have just attempted to login somewhere. Or else, tap "no."

Devices available

On both Android and OS computers, Google Prompt works. On Android, you link your Google Account on the smartphone: Settings > Accounts > Add account > Google. You install the Google app on your iPhone or iPad, login to your Google account, and activate push notifications: Settings > Google > Notifications > Allow notifications.

Either way, to receive the "yes / no" prompt, you'll need a network link —just as you would with a Text message. In this day and age, having two-factor authentication allowed on all your online accounts, or as Google describes it 2-Step Verification (2SV), is remarkably important. The majority of services rely on SMS, but because of the possibility of hacking, that is highly insecure.

G Suite users

The new default authentication setting will apply only to people who have allowed 2-step verification. In the case of users of G Suite, if an entity has implemented the 2-step authentication option 'Only security key' for a user, there will be no improvement and the user will continue to be allowed to use security keys.

If you're a G Suite administrator, conduct a 2-step verification report to see the accounts are enrolled — or not enrolled —. Log in to https:/admin.google.com to see this article, go to Reports > Protection > and pick 'Register for 2-Step Verification' from the menu. (And if you are a G Suite administrator and have not yet implemented 2SV, for more information on setting up 2-Step Verification for your domain, see the G Suite support section.)

Alternative methods

Of course, all past Google 2-step verification techniques remain available. This involves the use of an app, a security key, SMS, and also backup codes (like Google Authenticator).

Backup codes should be created by almost any individual who uses 2-step verification. Backup codes are designed for one-time use: you can't use them again until you use one to log in. When you trigger 2-step authentication, print out your backup codes and save them safely for use in an emergency.

2SV can also be supported by a mobile app like Google Authenticator, Microsoft Authenticator, or Authy. The app generates a 6-digit sequence until linked to an account that you enter as the second stage in your authentication process (after your username and password). But in comparison to Google Prompt and SMS, which need network access, when your computer is out of coverage, these authentication apps generate 6-digit codes. These apps also function with most other sites, such as Salesforce, Dropbox, GitHub and many more, that offer 2-step authentication.

Security key

You may authenticate it with a security key, such as a Yubikey, for even greater safety. A security key adds an extra piece of technology to the method of authentication. It also defends against phishing-related attacks, as well.