Using Trustonic Application Protection enables KB Bank to dramatically improve the authentication experience for users of its mobile banking app and allow secure high value transactions
Mobile cybersecurity leader, Trustonic, today announces the successful implementation by KB Kookmin Bank (KB Bank) of Trustonic Application Protection (TAP™) to enable a simpler authentication experience for users of its KB Star Banking app. By combining TAP with its new digital authentication certificates, the bank is dramatically simplifying customers’ access to banking services and enabling them to authenticate higher value transfers in-app, without the need for cumbersome user authentication practices like security tokens.
The largest Korean bank by number of mobile users, KB Bank provides online and mobile banking services to over 10 million customers. Trustonic’s mobile application protection is enabling the bank to provide faster, simpler and more secure digital banking services by isolating authentication certificates in the hardware security of today’s smartphones. Since launching in summer 2019, the app has acquired 3 million active users, and adoption among KB Bank customers continues to grow rapidly.
Mr. Han, Senior Executive Vice President, Kookmin Bank commented: “In Korea, users need to install authentication certificates to use mobile banking services. This can be a complex and time-consuming process that often requires revalidation and multiple passwords. With our long-standing partner Trustonic, we are able to vastly improve the in-app user experience and allow our users to authorize much higher value transactions. Some security solutions make you choose between security, user experience and performance but with TAP there’s no compromise.”
Enhancing user experience & enabling high-value transactions with advanced security
Historically, public certificates need to be regularly renewed by the app user, which can be frustrating and time consuming. Now, because the new KB Mobile Certificates have the advanced in-app protection provided by TAP, they do not need to be renewed unless revoked by the customer or unused for one year. This significantly simplifies and enhances the user experience.
High-value in-app payments are now possible because of this advanced protection. KB Bank customers can transfer up to 2 million won (approx. $1,700 US) using their account password, and up to 50 million won (approx. $41,000 US) with a password and six-digit PIN. Amounts between 50 million won and 500 million won (approx. $413,000 US) can be verified by entering their password and PIN before receiving an additional authentication code via an automated phone call.
Improving in-app functionality through trust
The TAP in-app protection platform protects mobile applications by securing sensitive code, data and processes in a highly protected environment. The environment dynamically upgrades over the course of an app’s lifecycle to take advantage of the most advanced hardware and software security technologies available on smartphones. Banking, payment, acceptance and fintech app developers benefit as they can use the TAP SDK to build secure next-generation experiences.
Dion Price, CEO of Trustonic, says: “Korea’s certificate-based authentication infrastructure has historically limited the user experience for mobile banking apps. By making its banking app more seamless and secure with Trustonic’s unique combination of hardware and software in-app protection, KB Bank has vastly improved the user experience. This is a perfect example of how advanced security can enrich apps for end users, which is why TAP is being adopted to protect financial services across payments, banking, fintech and mPOS.”
For more information about how TAP is enhancing both security and user experiences, visit the Trustonic website.
Why Zero Trust and securing the supply chain is key to post-pandemic recovery
Jim Hietala, Vice President, Business Development and Security at The Open Group
Banking and finance have grown to provide a vast range of services to people, touching every part of our lives from splitting dinner bills with friends to buying your first home. At heart, though, the value they provide might be boiled down to a very simple statement: they offer security and interoperability.
Which is to say that, when we use money, whether that is to pay for the bus or establish a pension, we need to be certain that it will reach the right destination, regardless of which systems it passes through, without being intercepted along the way. Interoperability ensures that desired actions happen; security ensures that undesired actions do not happen. Between them, these two key capabilities give us vital freedom in how we financially interact with people and businesses.
Roads and walls
That simple statement, however, is not simple to implement. The industry has long relied on open standards in order to achieve interoperability: from basic identification needs performed through standards like the International Bank Account Number system, to complex interactions like those managed through the Open Banking Standard which is currently transforming the British banking experience, fairly managed rules which everyone understands are essential to modern finance.
These standards, of course, are not static, and need to keep evolving in order to meet new needs. The same can be said of security – banks might still be associated with huge metal safes and vault doors in the popular imagination, but we all know that that’s not what keeps our money safe today. The question of security is now a digital one. From multi-factor authentication, to Transport Layer Security encryption, to automatically blocking access from unfamiliar devices and locations, the industry has been an early adopter of a wide range of technologies which manage or control access.
The need to develop and improve security approaches is still present, though. As is always the case with cybersecurity, risks need to be continually reassessed as the operating context changes – and, indeed, innovations in how people interact with banks always need to be made with security implications in mind. At the same time, new methods and strategies for cyberattacks are always developing, and there are good reasons to believe that now is the time for a fundamental shift in how we think about the topic.
The new weak link
Banking and finance, it is needless to say, are among the highest-value targets for attackers, and that means that if one route to compromising the industry becomes too difficult, they will look elsewhere for their opportunity. This is precisely what we’ve witnessed happening in some of the highest-profile breaches of recent times as organisations in other industries have dealt with the realities of supply-chain attacks.
In late 2020, for example, the security consultancy FireEye discovered that it had, alongside many other organizations, fallen victim to a sophisticated intrusion which took an obscure and convoluted path to its target. The victims were users of software offered by the company SolarWinds, which was successfully infected with a trojan. As the SolarWinds tool was an approved piece of software, FireEye and others happily brought that malicious code inside the gates (so to speak) of their own networks. This gave the attackers a route to manipulate FireEye’s own software and ultimately give them access to sensitive and otherwise highly secure environments.
What’s important to understand about this attack is that no amount of network-focused security would have prevented it: rather than trying to pass as an authorised user, the attackers worked a situation where the actual point of infiltration was carried out by genuinely authorised users.
It’s a scary situation, and a tactic that becomes more viable for attackers as our digital infrastructure becomes more complex. As businesses in the sector offer their customers richer online experiences – often in ways which, as with Open Banking, seek to enhance interoperability – they also become more dependent on a whole stack of platforms and tools. Rather than build a new back-end system from scratch, for instance, a bank might bring in a fintech platform from a vendor, who will themselves use development and operational tools from other vendors, who themselves will have further dependencies on other vendors.
This supply chain, in other words, is starting to look like a vast new attack surface which requires a new approach to secure.
The end of trust
If securing networks is no longer enough, we need to look to models which secure the data and assets which those networks are there to carry. This is what the Zero Trust model offers: rather than assuming that any device on a network must have passed a security checkpoint and is therefore trustworthy, Zero Trust assumes that every action is potentially malicious, and performs security on an ongoing, case-by-case basis.
While the principles of Zero Trust are not new, the need to put them into action has never been greater. Few industries have gone untouched by the societal changes which the pandemic triggered, never mind the economic impact, and successfully bouncing back from those economic consequences will require innovating towards a position which reflects the expectations of modern consumers. For banking and finance, that means digital tools which work from anywhere, securely and intuitively.
Which brings us back, of course, to the other half of the value which this industry offers: just as new systems for interoperability need to be designed with regards to maintaining security, new security models cannot jeopardise interoperability if they are going to successfully preserve the freedom with which people expect to deal with their finances.
That’s why the industry’s adoption of Zero Trust has to happen from a position of open standards. Just as shared understanding powers institutions’ abilities to accurately communicate their customers’ intentions to one another, it is needed to enable mutual understanding about what needs to be kept secure and how. In a challenging and rapidly evolving environment, that’s a priority for all of us.
NutreeLife triples production with finance from Siemens Financial Services
Plant-based snack manufacturer NutreeLife has massively increased its production capacity with the help of a hire purchase solution from Siemens Financial Services (SFS).
Founded in 2017, NutreeLife is a rapidly growing company which produces vegan protein bars, snacks and other healthy vegan products. Following a significant increase in demand, the manufacturer wanted to invest in a new production line.
As Patrick Mroczak, MD and CEO at NutreeLife Ltd explains, “We were ready to invest in the next stage of business development. We needed new equipment to meet demand but we also wanted to preserve our cash flow to deal with the volatility of the pandemic.”
To protect the business’ working capital, SFS suggested a hire purchase arrangement. Under the agreement, NutreeLife could acquire the equipment immediately and with no upfront costs. Instead, SFS tailored the arrangement so that the company could spread the cost over 5 years in regular payments and at the end of the arrangement NutreeLife will automatically own the equipment outright.
Under the hire purchase solution, the manufacturer also met the conditions for the UK government’s super-deduction tax initiative, whereby a company investing in qualifying new plant and machinery assets is able to claim 130% of the equipment’s value in year one.
“As a relatively new business, it’s not always easy to gain access to the right finance at a good price but SFS were incredibly accommodating. They really understood the benefit of the technology for our business and helped us unlock the investment,” adds Mroczak.
With the new equipment and technology installed, NutreeLife has been able to triple its production and turnover, and expand operations in tow.
“Despite the ups and downs of the pandemic, the new production line has helped us to keep things moving. As demand rises we’ve been able to take on much more staff and use our working capital towards stockpiling raw materials when needed.”
And the business’ success has not gone unnoticed. NutreeLife was awarded Small Business of the Year at the 2021 Lancashire’s Be Inspired Business Awards (BIBAs).
“Working with SFS has truly opened up news avenues of business for us. The team is so fast and responsive and clearly dedicated to finding the best solution for our machinery needs,” comments Mroczak.
Kirsty Talmage-Rostron, Business Development Manager – UK South at Siemens Financial Services comments, “It’s always exciting to work with an innovative award-winning manufacturer like NutreeLife. Despite the challenges of COVID-19, we’ve been able to help the business rapidly develop and look forward to continuing to support this growth strategy as the business expands into new markets.”
AI-Powered Fraud Prevention for Digital Transactions
By Martin Rehak, CEO of Resistant AI Fraud is on the rise, thanks to the rapid escalation of digital channels...
The future of retail trading
Joe Jowett, CEO of StrikeX The 2020s look set to be the decade of the retail trader. As the...
Dissecting the expansion of online checkouts
Daniel Kornitzer, Chief Business Development Officer Card payments have long existed as the preferred payment method for online consumers....
How bug bounty programs can help financial institutions be more secure
Rodolphe Harand, Managing Director at YesWeHack Financial services have been one of the most heavily targeted industries by cybercriminals...
Resolving the unintended friction of Web 3.0
Marten Nelson, CEO, M10 Networks Media is buzzing about Web 3.0 and the metaverse. Companies and investors are scrambling to get...
Predictions for Alternative Data in 2022
Neil Chapman, CEO of Exabel 2021 saw various firsts for alternative data. The $1.6bn flotation of SimilarWeb evidenced the...
Why Zero Trust and securing the supply chain is key to post-pandemic recovery
Jim Hietala, Vice President, Business Development and Security at The Open Group Banking and finance have grown to provide...
Five predictions set impact the finance teams in 2022
By Rob Israch, GM Europe at Tipalti The CFO now has a very different set of responsibilities in comparison...
Three ways to reduce uncertainty in financial services marketing
By Patrick Costello, Senior Product Strategy Director, Optimizely According to Bain & Company, uncertainty is one of the key factors affecting marketing...
Bringing Automation to Banking
Ron Benegbi, Founder & CEO, Uplinq Financial Technologies Automation is everywhere you look these days; from supermarkets to warehouses...
Why financial services is stepping into a new era
by James Mingard, Head of Retail & Finance at Maintel When comparing industries, financial services has arguably fallen behind when...
FINANCIAL MARKETS IN 2022: INFLATION, ENERGY PRICES, AND THE CONTRASTING PERFORMANCE OF STOCKS
Bob Jenkins, Head of Research, Refinitiv Lipper Anyone hoping for a reprieve from the chaos and uncertainty of the...
FINTECH TRENDS TO LOOK OUT FOR IN 2022 WHICH WILL CHANGE THE WAY WE DEAL WITH FINANCE!
Embedded Finance is estimated to be a $3.6 trillion market opportunity (Matt Harris, Bain Capital Ventures) Embedded Finance means it’s...
THE GREEN REVOLUTION IN INVESTING
It can’t be denied how quickly environmental sustainability has become a focus among everyday consumers, whether they’ve become noticeable through...
INVESTMENT IN INNOVATION: 2022 TRENDS AND OPPORTUNITIES
Author: Michael Kodari, Founder and CEO of Kodari Securities (KOSEC) Moving into 2022, while COVID is still front of...
HOW TO CONSOLIDATE INVESTMENT REPORTING OPERATIONS AFTER A MERGER OR ACQUISITION
By Andrew Sehulster and Abbey Shasore The reason why senior management make an acquisition is to compete better or...
FUNDING R&D IS STILL A PRIORITY FOR COMPANIES DESPITE THE PANDEMIC
By Emma Lewis, Myriad Associates HMRC regularly releases statistics that look at the numbers of R&D Tax Credit claims...
Mitigating the insurance risks of climate change through geospatial data visualisation
Richard Toomey, Senior Manager, Commercial Insurance at LexisNexis Risk Solutions UK and Ireland In the lead up to the...
From compliance to the metaverse: Investment trends to look out for during the year ahead
By Rami Cassis, Founder and CEO of Parabellum Investments In the investment world, the old saying, knowledge is power,...
NutreeLife triples production with finance from Siemens Financial Services
Plant-based snack manufacturer NutreeLife has massively increased its production capacity with the help of a hire purchase solution from Siemens...