User authentication, and in particular two-factor authentication, is a key step for secure data transactions. Pretty much all financial institutions mandate two-factor authentication for all mobile and online transactions to prevent fraud. Two-factor authentication usually constitutes something that the user has (e.g. mobile phone, credit or debit card) and the user knows (e.g. password or PIN). As passwords can easily be compromised by fraudsters, another factor of authentication was added in the form of One Time Password (OTP) to protect consumers. Now, let’s be under no illusion, OTP is ubiquitous and has possibly prevented countless abuses and fraudulent transactions. However, could we do better?
Currently, users receive the OTP in the form of an SMS to their registered mobile. If for instance, the user is outside the network connection or traveling without roaming enabled, this feature cannot be used. This is a great inconvenience to both the service provider and the consumer. Besides, OTP is vulnerable to malware attacks and SIM swaps. In both cases, the SMS sent to a legitimate user can be read and deleted by the fraudster without the user ever knowing about it.
This is precisely the problem that we are attempting to solve using “One Time Selfie”. The way it works is very simple: when Bob logs into his Bank online, a One Time Selfie request is sent to his registered mobile phone (via push notification). Assuming that Bob has already enrolled for this service on his mobile phone, he will simply have to take a selfie and the system will authenticate him against his enrolled faceprint and let him operate his account safely. The same will hold true for all kinds of online and mobile financial transactions. Now, the good part is that this will work even when there is no mobile data connection for Bob as any internet connection is sufficient to carry out this transaction (including a hotspot from the same system that is connected to the online account). And unlike SMSs which can be read remotely by malware running on Bob’s phone, faceprint verifications will fail when attempted by fraudsters remotely. And in all likelihood, the fraudsters will leave a trail for law enforcement to catch up.
One Time Selfie (OTS) is a natural progression from OTP and can go a long way to protect both consumers and businesses from fraud and cyber-attacks. Stay tuned to learn more about this technology. If you would like to trial our face recognition SDKs, please get in touch with us at firstname.lastname@example.org.