In this series of case studies, the FIDO Alliance talks to organizations that have deployed FIDO strong authentication. In this edition, we spoke with Hyoung Woo Kim who represents the ‘Sunny Bank Business’ department at Shinhan Bank in Korea, which is now offering FIDO-based fingerprint authentication to its Sunny Bank mobile application.
FIDO Alliance: Why did Shinhan Bank decide to offer fingerprint authentication to the Sunny Bank application? What problem were you trying to solve?
Hyoung Woo Kim: Shinhan Bank was looking for a trusted biometric solution to add value for their customers using the Sunny Bank app. We chose this because FIDO has been developed as a biometric standard specifically for the mobile online environment, and biometric-based identity authentication systems through FIDO has been proven to be a secure infrastructure to provide a convenient and strong authentication service. It is used as a second-factor authentication or an easy alternative login of the app (ID/password) in conjunction with the existing banking app.
FIDO Alliance: Please tell us more about Shinhan Bank.
Hyoung Woo Kim: Shinhan Bank was founded in 1897 and operates banking, foreign exchange operations, and trust-services businesses. Its capitalization is 8 trillion KRW ($6.7 billion USD), and the corporation has a turnover of 14.8 trillion KRW ($12.3 billion USD). It has roughly 15,000 employees.
FIDO Alliance: Please describe the new service.
Hyoung Woo Kim: Shinhan Bank has introduced the first FIDO-based biometric authentication technology in the domestic banking services market. This service is a specialized mobile banking platform for Shinhan Bank called ‘Sunny Bank’. By introducing the first non-face-to-face personal identity authentication system, it makes possible a variety of traditional banking services such as opening a new account, deposit and withdrawal inquiry, currency exchange services, MyCar loan applications, and so forth without visiting a bank branch.
FIDO-based fingerprint authentication services with OnePass replace the existing certificate verification system so that the Shinhan Bank app service increases security as well as convenience for its customers in the financial services sector.
FIDO Alliance: Why did Shinhan Bank choose to use FIDO standards for this service?
Hyoung Woo Kim: With the explosive growth in mobile and online banking services, coupled with mandatory regulations changes related to banking and finance security, the need for a new secure authentication method that is also convenient for mobile users was very pressing.
Furthermore, the FIDO protocol is built around the secure storage of biometric information on the local device, with no transmission of the information necessary for authentication. The FIDO system locally verifies the user on his or her own device and then authorizes an encrypted authentication response to the server.
In order to satisfy both security concerns as well as customers’ requirements, building a convenient and secure authentication service that combines identity services with secure authentication is a real challenge. For Shinhan, the FIDO-based OnePass system was a clear choice to answer that challenge.
FIDO Alliance: What partners worked with you to enable FIDO authentication for the service?
Hyoung Woo Kim: FIDO authentication for the service has been built with Raonsecure, which is a leading FIDO-based biometric solution, mobile security, and PKI security technology provider. Raonsecure was one of the first companies to earn FIDO certification and is a leading FIDO authentication technology provider in Korea. Based on strong financial services management know-how, Raonsecure offers a range of technologies for clear understanding and meeting the requirements of Shinhan Bank.
FIDO Alliance: How many customers are now using the Shinhan Bank service and has Shinhan Bank seen any other positive results?
Hyoung Woo Kim: Shinhan Bank serves approximately 23 million customer accounts, which is roughly half the total population of the Republic of Korea (excluding duplicate customers in 2014).
FIDO Alliance: What role do you see FIDO-based authentication playing for Shinhan Bank in the future?
We are currently providing FIDO-based fingerprint authentication login services with enhanced security to an existing simple login method for customers using the Sunny Bank app, and as an additional authentication method. Currently, it is provided for Android and iOS Smartphone devices with the fingerprint authentication function.
Login, signup products, and funds transaction services provided with existing certificate verification will be gradually changed to the FIDO-based biometric solution, such as fingerprint authentication services via the smartphone application. It will maximize security in financial services and customer convenience simultaneously. Other means of authentication are also being planned in order to expand the variety of other authenticator types, such as iris scan and facial recognition-based authentication.