Signature on smartphone for security and for business
Interview with Daria Verestnikova, Commercial Director of SafeTech
“BIS JOURNAL: Information Security of Banks”, No. 1/2020.
In recent years, the expert community has continuously talked about the rapid development of digital banking channels and the related problems: increased activity of scammers using social engineering, vulnerabilities of transaction confirmation codes transmitted in SMS and PUSH, and limitations of services for mobile users. BIS JOURNAL talked with Daria VERESTNIKOVA, Commercial Director of SafeTech, about how to solve the current security problems of online and mobile banking, as well as create the necessary conditions for the most innovative and popular services.
In an interview, Daria spoke about the most pressing issues related to the digital channel security: the problem of social engineering, the need to comply with the requirements of Bank of Russia Regulation No. 683-P of 04.17.2019, the vulnerabilities of outdated authentication methods for RBS users and confirmation of their operations with a one-time SMS or push code.
Daria paid special attention to the digital signing with a smartphone and its advantages for customers. Under existing conditions, this technology can solve the problem of social engineering, provide new services for RBS customers (such as entering their personal accounts without a username and password using a smartphone), as well as the possibility of using a smartphone to access personal account at an ATM without a credit card. Particularly, Daria shared their experience in the organization of a paperless office with banks to allow the bank’s customers to sign contracts without papers. Currently, this is one of the most relevant areas for the RBS development: digitalization of paper workflows.
At the end of the interview, Daria spoke about the future SafeTech projects: integration with various security systems, in particular, with biometric authentication systems and anti-fraud systems. This will allow banks to provide “adaptive authentication” to further increase the level of customer security and convenience. Integration with biometric systems will allow banks to add additional authentication factors when performing so-called “high-risk” operations, while the advanced anti-fraud systems will allow them to assess the risk of the transaction signing and user’s authenticity regarding a specific mobile device in real time.