Deploying FIDO in Japan: An Interview with SBI Sumishin Net Bank
SBI Sumishin Net Bank is an Internet-focused bank jointly established in 2007 by SBI Holdings and Sumitomo Mitsui Trust Bank. In keeping with their aim to be recognized for innovation, the bank deployed FIDO Authentication in July 2020. We had an interview with the bank about the details of their deployment.
Q. Describe your service and how it’s using FIDO Authentication.
We have incorporated FIDO-compliant authentication into our existing “SBI Sumishin Net Bank” mobile application. Now, a single application is available to provide both banking and authentication functions to our customers. This eliminates the need for our customers to enter passwords and verification codes for each transaction. Instead, they can simply log in to the SBI Sumishin Net Bank App with biometric authentication. Even when transactions are made from a PC or other non-mobile application environments, the application will confirm and approve the transaction details before they are executed, preventing unauthorized transfers. Furthermore, when using the login approval function, only the registered smartphone can remove any control, which prevents unauthorized logins.
Q. What FIDO specification(s) did you implement?
We have deployed a solution based on FIDO UAF, which uses biometrics (fingerprint and facial recognition) and PIN as the authentication methods.
Q. What other approaches did you consider before choosing FIDO?
We looked at continuing with the existing smartphone application “Smart Authentication,” which is a separate application the customer would have to authenticate logins and bank transactions. However, we saw it as difficult to operate two applications separately and saw it as a burden for our customers to have to use two separate applications just to bank with us.
Q. Why did you choose FIDO authentication over other options? What did you identify as advantages of implementing FIDO?
Although there are various types of authentication methods available, the facts that FIDO Authentication is a global standard developed by a global consortium, the FIDO Alliance, and that we have seen it increasingly being deployed in Japan and globally were two factors that made it very appealing to us.
Q. Why did you decide on a standards-based approach?
There are two main reasons why we chose to take a FIDO standards-based approach.
First, FIDO Authentication provides stronger security. FIDO Authentication enables safe exchange of authentication results over the network, and the credential is stored only on the device that performs the authentication (in our case, the smartphone) and does not need to be transmitted over the network or stored on the server side.
Second, FIDO improves convenience for our customers. By incorporating authentication into our existing banking app, we are making it possible to complete both banking and authentication functions in a single app, enabling smooth transactions without having to enter passwords or other information.
Q. What steps were involved in your roll out of FIDO Authentication? Did you work with a partner?
We implemented the FIDO-compliant “SaAT Pokepass Authentication Service” provided by Net Move Corporation (“Net Move”), a wholly owned subsidiary of SBI Sumishin Net Bank. The new authentication function “Smart Authentication NEO” was deployed by incorporating the client SDK for this service into the bank application.
Q. What other data points can you share that show the impact FIDO authentication has had?
On July 31, 2020, we launched a new authentication feature, “Smart Authentication NEO.” On the quantitative side, the number of new registered customers has reached approximately 100,000 in just three weeks since its launch, and we expect this number to increase further in the future.
On the qualitative side, many customers have commented on the convenience of being able to use a single app for both banking and authentication functions.
Q. What advice would you give to other organizations considering rolling out FIDO authentication?
Again, our company’s FIDO authentication uses Net Move’s “SaAT Pokepass Authentication Service.” By collaborating with Net Move, we were able to deploy the new authentication function “Smart Authentication NEO” in a short period of time.
In addition to FIDO authentication, Net Move already has an installed at more than 100 financial institutions, including “SaAT Netizen,” an anti-fraudulent remittance service, and we believe that Net Move can help to solve these issues.
Q. What role do you see FIDO Authentication playing for your company in the future?
The “Smart Authentication” service will be discontinued after January 2021, and we will move exclusively to the FIDO-enabled “Smart Authentication NEO” app. We see that moving to the FIDO-enabled app as the key authentication function will further allow us to provide secure and convenient experiences for our customers.
Q. If you are able, please provide a quote from an executive regarding this deployment and the impact FIDO has had for your organization.
Quote from the project manager of SBI Sumishin Net Bank:
“Our goal is to revolutionize financial services and make society more comfortable and convenient by utilizing the most advanced technology with a customer-centric approach. Security is an extremely important factor in achieving this goal, and we believe that the introduction of FIDO will make a significant contribution.”