Established in 1998, Tradelink is a publicly traded company that acts as a gateway between the Hong Kong government and commercial businesses. Since its inception, Tradelink has been at the leading edge of online security – first in facilitating communications between the government and traders and since as a provider for security in the HK banking industry. One aspect that has been central to delivering these secure interactions since late 2016 has been the FlDO protocol.
The organization decided the Internet was going to be how it managed communications. It made security a priority and leveraged public key infrastructure (PKI). Originally used for communications between the HK government and traders, the technology was eventually opened up to the banking industry.
Since that time, Tradelink’s approach to authentication has continued to evolve leading the organization to FIDO. At first there was a trend to move away from the digital certificates and towards one-time passwords. And approximately four years ago, they began to explore biometrics as a solution in partnership with the banking industry, which helped fund the effort. After examining different technologies and standards worldwide, Tradelink decided to use FIDO-based authetication starting in 2016.
In their estimation, adoption by banks has been strong because no information about the user is sent from mobile devices. And whoever is the service provider, whether the banks or Tradelink, doesn’t need to transmit or store the biometric data which is important to the stringent requirement on data privacy protection in Hong Kong. This together with the adoption of the Public Key Cryptography as the backbone for the FIDO Standard were the other major factors driving banks to rapidly adopt the FIDO standard.
In fact, the appeal of this biometric approach has resonated extremely well in Hong Kong. As evidence, the Hong Kong Government will launch a new initiative for electronic ID in 2020 that will leverage FIDO to authenticate citizens online.
This case study originally appeared in the Javelin Strategy & Research’s “The State of Strong Authentication 2019″ Report.