With the financial lives of consumers increasingly managed via their smartphones, Korea Financial Telecommunications and Clearings Institute (KFTC) has collaborated with Trustonic and Mirae Technology to simplify and improve the secure authentication of mobile financial services and transactions.
KFTC, Korea’s centralized OTP authentication service provider for over 20 million end users, has launched a secure, digital one-time-password (OTP) service, which has already been integrated by KDB Bank and is now available for end users of financial institutions such as banks, lenders, traders and insurance companies across Korea.
Using Trustonic’s APIs, the OTP generator is secured in the hardware of the device, thus making the user experience simpler, faster and richer. In addition, this solution offers increased security levels, when compared to software-protected second factor authentication, by using TrustZone technology and a Trusted User Interface.
“How many times have you needed to complete a transaction and not had your authentication token with you?” asks Ben Cade, CEO of Trustonic. “This was an acceptable scenario a few years ago, but not any longer. With our technology now embedded in more than 1.5 billion devices worldwide, services like this can simplify and enrich the user experience while also increasing both security and speed.”
For the last five years, Trustonic has been working with handset manufacturers to embed the Trustonic Secured Platform (TSP) into billions of devices. This Trusted Execution Environment (TEE) device security technology offers a TrustZone-secured operating system (OS) that is completely isolated from the device OS, making it, and trusted applications (TAs) residing in it, highly protected from software threats and hacking.
Importantly, TSP is the only open TEE technology available, making Trustonic the sole security partner able to support KFTC and the Korean financial institutions in securing this on-device OTP service. KFTC simply integrated Trustonic’s solution into its service, enabling applications downloaded to a TEE-enabled smartphone or tablet to generate OTPs at the click of a button before securely displaying them to the user.
“This is the added value of the TEE,” adds Ben. “Not only is the OTP generator secured in hardware, but the display of the device is also protected to ensure that hackers and malware cannot copy or interfere with the OTP process. This is end-to-end security for the digital age.”
Oh-sik Shim, Head of the Advanced Authentication Planning Team at KFTC, said: "We have been working to enhance our OTP service to provide a great end user experience so needed the right technologies to be in place to maintain security. With Trustonic and Mirae Technology we have the perfect solution to make our users’ lives simpler, richer and faster. KDB Bank has already gone live and we are already working with a number of other financial institutions nationwide.”
Soon-chul Kwon, Director of the IT Solution Division at Mirae Technology, concludes: “In combining our OTP platform with Trustonic’s solution we have realized KFTC’s vision of seamless user authentication. Furthermore, this is not just for one bank and it is now available to any financial body that wants to enhance the user experience of its app while maintaining, and even increasing, security. This is a significant step forwards for both Korean and global financial services.”
In 2017, Trustonic became the first vendor globally to achieve Common Criteria security certification for a TEE device security product, paving the way for mass market delivery of trusted services on connected devices.