Secure Mobile Banking
-
Upload
veridium -
Category
Technology
-
view
70 -
download
0
Transcript of Secure Mobile Banking
B E F O R E W E B E G I N
Attendees have been muted
You may submit questions at any time, but we will respond at the conclusion of the presentation during the Q&A session
©Veridium IP, Ltd. All Rights Reserved
David van DammePartnerships & Business
Developmentbunq
• Holds degrees in marketing management and international law
• Worked as a key account manager for Henkel before joining bunq
• Helps develop key partnerships at bunq to drive consumer-focused development
B E F O R E W E B E G I N
©Veridium IP, Ltd. All Rights Reserved
Asem Othman, PhDBiometric Scientist
• PhD in Electrical Engineering from West Virginia University. Post-Doc Fellow at Michigan State University
• Holds 3 patents/patents pending related to biometrics
• Lead scientist behind our 4 Fingers TouchlessID technology & Distributed Data Model using Visual Cryptography
B E F O R E W E B E G I N
©Veridium IP, Ltd. All Rights Reserved
• How we use biometrics for mobile security
• The challenge of securing mobile banking transactions
• Why bunq chose biometrics for user authentication
• The advantages of 4 Fingers
AGENDA
bunq goes beyond money.
That is why we bank different.
We focus on your great night out and cater to it.
• Our story
• What is bunq?
• Building solutions together
• Partnership with Veridium
• Why 4 Fingers?
Our Story
We receive our banking
license from the DNB
September 2014 January 2016
We launch IDEAL payments
with QR-codes
November 2016
Public beta: new features
Chat & Connect
March 2016
Business accounts launch
Minors accounts launch
with approval
April 2016
Our Story
V2: quicker on-boarding
and many new features
May 2016 October 2016
Our own Maestro/Mastercard
connection
August 2016
First launch with an
innovation partner
November 2016
V3: Completely new design
Launch of a new app: Slice!
November 2016
More to come in
2017 :)
Social We make money social. Tuned in on group interactions.
Real-time We make money instant, with real-time transactions and settlement.
Banking license We provide security to all partners & customers. No fooling around.
Innovative We develop constantly to meet consumer wishes.
Software based We are software based so no need to invest in new hardware.
“We are not just a payment solution,
we create value propositions beyond money.”
What is bunq?
Face vs. 4 Fingers
Main Benefits:
• Compatibility across devices [front vs. back camera]
• User threshold [selfie vs. ‘handy’]
• More control - dependency on external factors decreased
4 Fingers
User Feedback:
• “I prefer hand recognition because it always works!”
• “I like how it doesn’t attract weird looks, versus a selfie.”
• “It’s just cool!”
4 Fingers
Statistics:
• Amount of complaints of biometric ‘failure’ has dropped
significantly, about 80% - 90%
• 78% of users select 4 Fingers as their preferred authentication
method
• Amount of attempts before a successful authentication decreased
significantly
P R O V I N G I D E N T I T Y
Passwords only authorize access, while
authentication is the process of verifying the
claim that identity makes.
Identity is the “claim” you make to access information, but making that claim with a password doesn’t prove who
you are.
Only biometrics – your face, your voice, your fingerprints – prove you are who you say
you are.
©Veridium IP, Ltd. All Rights Reserved
We provide all the components necessary for a complete, end-to-end biometric
authentication solution that is flexible, secure, and enterprise ready.
©Veridium IP, Ltd. All Rights Reserved
• Matching on the device (FIDO compliant) or on the server
• Vectors stored on device, server, or distributed between the two
• IOS, Android, and Windows platforms
• Multiple plug-and-play biometric library
• Hosted on premise or in the cloud
• 2-way SSL communication between device and server
• Visual Cryptography for secure storage of biometric data
• Solution deployment scripts are obfuscated for additional security
• Integrates with Active Directory, Radius, LDAP, SAML, and NetScaler
• Admin dashboard for analytics and reporting
• Customer support
• Built on an open standard called IEEE 2410, supported by a working group which continues to advance this standard, future-proofing your investment
©Veridium IP, Ltd. All Rights Reserved
4 Fingers TouchlessID is a significantly more reliable biometric than other mobile-based solutions.
Capturing all four fingerprints at once increases the complexity of the data collected, enhancing overall security.
4 Fingers TouchlessID doesn’t require any additional hardware beyond a 5MP camera and LED flash, which nearly all smartphones already have, making it ready to deploy.
©Veridium IP, Ltd. All Rights Reserved
• Universality (Does every user have it?)
• Distinctiveness (Is it unique across users?)
• Permanence (Does it change over time?)
• Collectability (Can it be measured quantitatively?)
H O W T O C H O O S E A B I O M E T R I C T R A I T
©Veridium IP, Ltd. All Rights Reserved
• Performance (Does it meet error rate, throughput..?)
• Users Perception and Acceptability (Is it acceptable to users?)
• Vulnerability (Can it be easily spoofed?)
• App Integration (Can it be acquired by available devices?)
• Large-Scale Adoption ”Usability” (What is the post-usage attitude?)
H O W T O C H O O S E A P R AC T I C A L M O B I L E B I O M E T R I C T R A I T
©Veridium IP, Ltd. All Rights Reserved
• Multimodal Biometric system
• Consolidate the evidence presented by multiple biometric sources.
• Typically provides better recognition performance compared to systems based on a single biometric modality.
• Provides anti-spoofing measures by making it difficult for an intruder to spoof multiple biometric instance simultaneously.
Patent US 9,361,507
©Veridium IP, Ltd. All Rights Reserved
• False rejection rate (FRR) is as low as 1% at false acceptance rate (FAR) of 0.01%.
• 4 Fingers has its own light source (your phone’s flash) so it works in any lighting
condition
• 4 Fingers requires no external hardware.
• We just require a 5MP camera and LED flash.
• 4 Fingers is one of the most secure biometrics available.
4 Fingers is reliable in almost any environment
©Veridium IP, Ltd. All Rights Reserved
CO M PA R I S O N O F T O P “ M O B I L E ” B I O M E T R I C T E C H N O LO G I E S
(H=High, M=Medium, L=Low)
Biometrics Universality Uniqueness Permanence Collectability Performance Acceptability
Face H L M H L H
Fingerprint M H H M* H M
Iris H H H M* H L*
Voice M L L M* L H
4 Fingers TouchlessID*
H H H H H H
(H=High, M=Medium, L=Low)
Circumventions(Presentation
Attack)
H
M
L
H
L
Anil K. Jain, Arun Ross, and Salil Prabhakar. "An introduction to biometric recognition." Appeared in IEEE Transactions on Circuits and Systems for Video Technology, Special Issue on Image- and Video-Based Biometrics, Vol. 14, No. 1, January 2004.
©Veridium IP, Ltd. All Rights Reserved
• Biometric data of an individual is often stored in a central database
• Raises issues related to security and privacy of biometric data
• Unlike compromised passwords, it is difficult to re-issue biometric data
• Cross-database matching may be done to track individuals
P R E S E R V I N G D ATA P R I VAC Y
©Veridium IP, Ltd. All Rights Reserved
• Visual Cryptography Scheme (VCS) is a simple and secure way to allow the secret sharing of secrets without any cryptographic computations.
• It is the encryption of visual information such that decryption can be performed using the human visual system.
• Someone who has no previous knowledge of Cryptography.
• The mathematical proof of this scheme and its perfect encryption are shown in the original paper by Naor & Shamir.
* M. Naor and A. Shamir, “Visual cryptography,” in EUROCRYPT, pp. 1–12, 1994.
V I S U A L C R Y P T O G R A P H Y
©Veridium IP, Ltd. All Rights Reserved
For more information contact: [email protected]
Phone: +1 877.301.0299 • www.VeridiumID.com • Twitter: @VeridiumID • LinkedIn: Veridium
UPCOMING WEBINAR
March 23, 2017
For more information contact: [email protected]
Phone: +1 877.301.0299 • www.VeridiumID.com • Twitter: @VeridiumID • LinkedIn: Veridium
QUESTIONS?