Case Study: BC Card Provides Advanced User Authentication Based on the FIDO Standard
As mobile payment usage increases, mobile service providers are looking for more secure authentication measures for their users. BC Card’s mobile payment app, paybooc, offers both online and offline payment services through registration with a single ID and login using FIDO-based biometric authentication.
BC Card is the largest payment processing company in South Korea. BC Card’s mobile payment app, paybooc, offers both online and offline payment services through registration with a single ID and login using FIDO-based biometric authentication.
BC Card wanted a more secure way to authenticate their paybooc users that had a positive impact on the user experience.
BC Card adopted FIDO Authentication using fingerprint, facial and voice biometrics for paybooc login.
More than 1.2 million users have registered in paybooc using FIDO Authentication, making over 1 million transactions monthly.
THE FIDO SOLUTION
FIDO Authentication is proven to provide simpler, stronger authentication. BC Card’s use of the FIDO standards is helping to ensure their paybooc customers can simply log in with a single gesture with stronger security.
The Challenge: Security that Doesn’t Compromise Usability
Many online payments services rely on password-based logins, which are the most insecure of authentication methods. Passwords have been cited as the root cause for the vast majority of data breaches in recent years and are often frustrating for consumers because they can be complex and hard-to-remember.
With the rise in biometric authentication services, consumers are coming to realize the convenience of using this method for easy login. Recognizing the opportunity to leverage existing smartphone features such as cameras, BC Card set forward to integrate biometrics into the paybooc application.
BC Card wanted to find a better way to authenticate paybooc users for an easier and more secure payment experience. After considering a number of authentication methods, the company launched FIDO-based fingerprint, voice and facial biometric authentication methods for paybooc users.
paybooc was the first system among Korean financial institutions to provide FIDO® Certified voice and facial recognition.
The FIDO-based voice authentication system is built to identify distinct features of the user’s voice, and is able to distinguish between a recording and an authentic voice. The FIDO-based facial authentication system recognizes the user’s facial features through the mobile device camera. Both systems utilize on-device cryptographic credentials and biometric data to protect from remote spoof and other attacks (i.e. the use of sounds, pictures and videos to mimic the user).
Verifying customers has become an important issue for the mobile payments industry, and biometric capabilities are rapidly evolving to create a safer and more reliable service for users. BC Card chose FIDO Authentication as a way for consumers to have secure logins with the ease of standards-based, interoperable authentication utilizing biometrics.
The Result: 1.2 Million Registered Users, 1 Million Monthly Transactions
As of May 2018, over 1.2 million users have registered in paybooc using biometric authentication, making over 1 million transactions monthly. This number is on a steady increase, as users recognize the ease of using biometrics as authentication as well as the extra security FIDO standards provide users. In the payments industry, mobile transactions are on the rise, and paybooc’s FIDO biometric authentication can adapt to any device.
BC Card’s decision to adopt the FIDO standard for authentication with biometrics was prompted by a need for stronger authentication for its mobile payments services, but also a seamless user experience. FIDO provides interoperability, ensuring that users can be authenticated on a wide array of device choices regardless of mobile carrier, device maker or online service. FIDO Authentication is a fast and convenient alternative to solutions like passwords, which are often difficult to remember, because it requires only a single gesture to log on.
BC Card also chose FIDO as a safeguard against fraud. Spoofing, phishing and other attacks are a direct concern for any payments service looking to best authenticate users. The FIDO protocols use of on-device cryptographic credentials and biometric data cut out third-party and man-in-the-middle involvement and significantly reduce the chance for hacks or phishing.
This assurance, along with the standards-based architectures that can evolve, scale and change with the market make FIDO Authentication a secure, cost-effective, and simple choice for BC Card paybooc. Many biometric authentication services, including Samsung Pay, are FIDO-based, and the quickly spreading FIDO2 standard is well-known throughout Korea.
MORE Building the Business Case
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance Webinar
The Second Payment Services Directive (PSD2) and the associated Regulatory...April 12, 2019
FIDO2 & PSD2: Achieving Strong Customer Authentication Compliance
The Second Payment Services Directive (PSD2) and the associated Regulatory...
Javelin Research’s State of Strong Authentication 2019 Report
As data breaches and increasingly sophisticated phishing attacks continue to...February 8, 2019