Nok Nok Labs is urging banks to replace SMS one-time passwords with stronger FIDO authentication protocols. In doing so, the company cited the example of BBVA, which was able to improve its security posture and deliver a better customer experience after adopting Nok Nok’s S3 Authentication Suite in early 2020.
The Authentication Suite allows BBVA customers to sign into their accounts with the face and fingerprint recognition features that are now readily available on modern smartphones. It also allows them to view a list of the devices that have accessed that account, which makes it easy to spot any unauthorized access events.
Nok Nok then went on to highlight some of the limitations of SMS technologies, noting that SMS passcodes can be intercepted, and are therefore highly vulnerable. FIDO authentication, on the other hand, is resistant to phishing and account takeover attacks, since it can thwart fraudsters even if they do manage to get hold of someone’s knowledge-based identifiers. Both types of fraud have become more sophisticated during the pandemic, as fraudsters have come up with scams that exploit people’s fears about COVID-19.
FIDO authentication can also help banks meet Europe’s new PSD2 regulations, which require step-up authentication for online payments and bank transfers. In that regard, Nok Nok argues that biometric identifiers are more convenient than the SMS alternatives.
“Traditionally, one of the biggest challenges of authentication systems has been to balance security with user experience,” said BBVA Global Technology and Information Security Officer Juan Francisco Losa. “Due to the FIDO standard, we are confident that both elements work together seamlessly to provide customers with the highest security, along with a transparent and agile user experience.”
Japan’s MUFG Bank, Iceland’s Landsbankinn, and South Africa’s Standard Bank are some of the other financial institutions that are now using the S3 Authentication Suite to protect their customers. Nok Nok added support for smartwatches with the release of an updated version of the S3 Suite back in October.