Biometrics could become Korean specialty

KTB Solution, established in 2008, was an information security developer until last year. Now, it has become a high-profile fintech company with a bio-signature algorithm it has high hopes for.

KTB’s Smart Sign Cross is a security verification system that was introduced at a Global Fintech Challenge hosted by Emirates NBD Group in London two weeks ago. It works like this. When you’re buying something online, you choose a product and select a card you want to pay with. There is no need to type in the card number or a password. You simply sign on the touchscreen of your smartphone and then point the screen at your face. If the signature and face match, payment is approved.

Irience is another rising star in biometric verification. The company was founded in 2010 as a start-up with iris recognition technology. It has been manufacturing iris recognition software and door locks. It grabbed the attention of the financial industry after it introduced its algorithm at the first Demo Day held by the Financial Services Commission (FSC) in April 2015. Since then, the company has been getting calls from leading financial institutions to collaborate on developing iris verification algorithms for financial transactions.

This is how the fintech boom has changed the Korean start-up landscape. Low-profile algorithm developers in different areas are jumping into biometric verification, one of the most promising areas for Korea in fintech.

KTB’s bio-signature algorithm is based on bio-behavioral recognition technology. It verifies a user by writing behavior, including the direction in which a signature starts, finger pressure and speed of writing. Adding facial recognition to Smart Sign was for stronger security.

“If you only use one type of biometric information, it will be 2 percent short of perfect verification,” Kim Tae-bong, CEO of KTB Solution, said. “That’s why it’s desirable to use more than two types for stronger security.”

The company has as many as 50 financial companies as clients for its security programs.

In lieu of one-time password (OTP) tokens or security cards issued by banks, people in the near future will be able to choose to use their iris, signature or voice as legal tools to verify their identities and approve financial transactions via mobile platforms.

Remote identity verification is one of the most promising areas, and it’s attracting lots of research and investment. In Korea, face-to-face identity verification was a must for many financial activities until early 2015. That was lifted when the government decided to push fintech. Now, companies are developing new tools to verify a person’s identity with high accuracy.

Even when face-to-face verification wasn’t required, Korean financial customers were required to verify their identities with authenticated certificates when using online banking services or payment services until March 2015. President Park Geun-hye scolded the industry for that regulation after she learned that Chinese fans of “My Love from the Star” (2013-14) were unable to buy the kind of coat that actress Jun Ji-hyun wore in the drama on Korean shopping sites. The ActiveX security program that was used on all Korean websites was also scraped.

The FSC wanted financial institutions to introduce other tools to make verification easier. But many of the conservative institutions have dragged their feet. Earlier this month, the FSC decided to scrap mandatory use of OTP tokens or security cards for online transactions or payments from June 30.

Biometrics are considered a very attractive alternative to the old tools, according to the industry.

The biometrics market can be basically classified into what part of the body you use as a verification tool: iris, fingerprint, face, vein or hand shape. Besides physical features, there are also ways to use so-called bio-behaviors like signing one’s name, speaking and walking patterns.

“As the mandatory use of authenticated certificates and other physical tools is going to be eliminated, the combined use of biometric information will be on the rise,” said an official at the Korea Financial Telecommunications & Clearings Institute (KFTC). “But it is up to the banks and other financial institutions to use them.”

According to data compiled by the Korea Institute of Science Technology Research, the global biometric market is estimated to grow to $11.7 billion this year, doubling from 2012. Korea’s market is projected to be around $265 million, up from $151 million in 2012.

“As the volume of online financial transactions is expanding rapidly, demand for faster and safer self-verification tools is going to be higher,” a researcher at the institute said.

Irience is in talks with BC Card, securities brokerage firms including Mirae Asset Daewoo, and a smartphone manufacturer to use its iris recognition technology.

“There are three local companies with iris recognition technologies, but Irience’s is 10 times more accurate than competitors,” said Phyun Heung-kook, general manager of strategic planning at the company, citing the Korea Internet and Security Agency, which certified Irience’s algorithm.

Scanning the iris is known to be the most secure biometric tool. Irises are formed from six months after birth to two years, and they never change. Each eye has a slightly different iris. Even identical twins have different irises. While face recognition has an error rate of 0.001 percent, scanning the iris of one eye has an error rate of 0.000001 percent. It is almost impossible to make an error when using a pair of irises.

“Currently, the three iris verification companies are working on standardization of the verification algorithms, which will help banks and other financial institutions apply the iris verification technology more easily and widely,” Phyun said.

Power Voice has developed a speaker verification algorithm based on the global fast identity online standard, known as FIDO. The company is a voice recognition program developer started in 2002.

“Just say, ‘Pay with my voice,’” said Jeong Hee-suk, CEO of the company, talking to his smartphone. “There are too many numbers to remember for one payment, and it is dangerous to save them in any kind of servers.

“Even when you lose your smartphone, no one can imitate your voice or the way you speak because everyone has different vocal tracts and speaking patterns,” he said.

The company has completed a beta test for the application of the voice verification algorithm with BC Card. The leading Korean credit card firm will launch a new service later this month.

Banks and other credit card firms are planning to adopt biometrics within the year.

However, issues regarding the use of bio information remain. There are concerns about the possibility of hacking or theft, and it is costly to store bio information in a safe manner.

The KFTC is set to open a server exclusively to store biometric information in October, which should accelerate biometrics in Korea.

“Banks and other financial companies will be able to resolve both the cost and hacking issues with the new server run by a public institution, and use of biometric information will expand across the industry,” the official said.

Meanwhile, the Korea Information Certificate Authority, the exclusive provider of the old authenticated certificate, signed an agreement with KTB Solution last week to start providing the Smart Sign Certificate service within the year.

“Signature is an international verification tool,” Kim said. “With the agreement, financial institutions will start adopting Smart Sign later this year.”

But some security experts remain skeptical about the security of biometric information, and say maybe passwords are not headed for the dustbin quite yet.

“Many reports and studies from the United States suggest using biometric information as a supplementary tool for existing passwords,” said Kim Seung-joo, an information security professor at Korea University.

BY SONG SU-HYUN [song.suhyun@joongang.co.kr]