Connect with us

Hi, what are you looking for?

HEADLINES

More than 3 in 5 in SEA want OTP via SMS in every e-payment transaction

Majority of the respondents also want to see the implementation of two-factor authentication or 2FA (57%) as well as biometric security features like facial or fingerprint recognition (56%).

Photo by NeONBRAND from Unsplash.com

A recent Kaspersky research showed that e-payment adopters in Southeast Asia (SEA) are becoming increasingly aware of the importance of safeguarding their financial data amidst the rapid rise of digital payment use in the region. And they are clear on the additional security features they hope to see implemented by banks and mobile wallet providers here, moving forward.

Titled “Mapping a secure path for the future of digital payments in APAC”, the study discovered that more than three in five (67%) users of digital banking and e-wallet apps in SEA prefer the implementation of one-time-passwords (OTPs) through SMS for every transaction.

Majority of the respondents also want to see the implementation of two-factor authentication or 2FA (57%) as well as biometric security features like facial or fingerprint recognition (56%).

Interestingly, the implementation of OTPs is the top priority for consumers in most SEA countries – including Indonesia (67%), Malaysia (66%), The Philippines (75%), Thailand (63%), and Vietnam (74%) – except Singapore where two-factor authentication is the most urgent concern (65%).

Advertisement. Scroll to continue reading.

Digital payment customers also welcome the use of machine learning in combatting social engineering attacks. Almost half (40%) noted that companies should start preventing frauds/scams automatically based on spending behavior and/or transfer history. 

Over a quarter (28%) also said Tokenization – the process of protecting sensitive data by replacing it with an algorithmically generated number called a token – can also augment the security of mobile banking and e-payment applications in the region.

“SEA’s sheer market size in terms of digital payment offers a lengthy runway for expansion. In a competitive sector, payment companies should be assessed not just on their innovations, but also on their security posture. We can draw from our findings that customers are increasingly becoming aware of the value of technology to protect their finances online. In general, these security features are useful preventive measures that can potentially enhance the cybersecurity standards in the digital payments space. However, these options should not be viewed in an isolated manner, but considered as part of a holistic cybersecurity framework,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

The usage of two-factor authentication, for example, has its limitations, particularly when it comes to SMS-based authentication. 

Password-bearing SMS messages can be intercepted by a Trojan lying inside the smartphone, or by a defect in the SS7 protocol used to transmit the messages, making SMS-based 2FA unreliable at times. In such cases, it would be advisable to employ self-contained authenticator apps, with SMS being used only as a last resort to limit a company’s vulnerability to data breaches.

With the complicated nature of securing apps and finances online, it is not surprising that over three in five (65%) of the respondents said that banks and mobile wallet companies should provide more incentives to maintain the security decorum – such as changing passwords regularly. Another 60% noted that providers should educate users more about the threats online.

Advertisement. Scroll to continue reading.

When it comes to choosing a mobile e-wallet provider, security remains a priority for digital payment users in SEA. 

More than half (58%) said they will use an e-wallet that includes extra security features like fingerprint and 2FA while more than a third (37%) said they will use banking apps or mobile wallets from providers that have not have been engaged in any previous data breach or cybersecurity attack.

A number of respondents also noted that mobile e-wallet has to be independent – can be used directly by a bank or through a third party (42%) or a closed one – linked to specific merchants, where users can only use the funds to make payments for transactions initiated with the specific merchant (35%).

Another set of considerations in choosing a digital wallet company includes apps that should offer promos, cashback, lower transfer fees (49%); provide anonymity – users don’t need to reveal credit card details to too many merchants (35%); be bankless – bank account details not needed (25%); and be locally made (16%).

“To develop a long-term and sustainable growth strategy, digital payment companies need to take into account some of the wants and needs of their users. While some of the preventive measures are not entirely new and have been around for some time, it is crucial to consider how security features can be integrated in a manner without compromising the user experience. Our study showed how customers are increasingly holding digital payment providers accountable to the security of their finances online so we suggest companies to determine the cybersecurity gaps in each of the stages of their payment process and fit in the right IT measures in a calibrated manner,” adds Yeo.

Advertisement. Scroll to continue reading.

To stay protected from ever-changing fraud and cybercrime techniques, Kaspersky recommends digital payment providers to adopt the following measures:

  • Ensuring prompt patching and updating of software to prevent adversaries from penetrating the system.
  • Implementing high-grade encryption for sensitive data and enforcing strong credentials and multi-factor authentication.
  • Using effective endpoint protection with threat detection and response capabilities to block access attempts, and managed protection services for efficient attack investigation and expert response.
  • Educate your customers and employees on possible tricks malefactors may use. To save time and receive quality service, companies should work with globally recognized providers that can ensure an efficient learning process.
  • Conduct annual security audits and penetration tests to find security issues in a company’s network.
  • Install a fraud prevention solution that can be quickly adapted for identifying new attack schemes and methods.
  • For enterprises with mature IT infrastructure, install anti-APT and EDR solutions, enabling capabilities for advanced threat discovery and detection, investigation, and timely remediation of incidents. Provide your SOC team with access to the latest threat intelligence and regularly up-skill them with professional training. All of the above is available within Kaspersky Expert Security framework.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

In rigorous evaluations conducted by prestigious cybersecurity testing organizations, Kaspersky Plus (starting in Q4 2024, Kaspersky Premium), Kaspersky Endpoint Security for Business (KESB), and...

HEADLINES

"Given the Philippines' high exposure to cyber threats, it's important for both individuals and businesses to stay vigilant," said Adrian Hia, Managing Director for...

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

Advertisement