Biometrics could become Korean specialty
KTB’s Smart Sign Cross is a security verification system that was introduced at a Global Fintech Challenge hosted by Emirates NBD Group in London two weeks ago. It works like this. When you’re buying something online, you choose a product and select a card you want to pay with. There is no need to type in the card number or a password. You simply sign on the touchscreen of your smartphone and then point the screen at your face. If the signature and face match, payment is approved.
Irience is another rising star in biometric verification. The company was founded in 2010 as a start-up with iris recognition technology. It has been manufacturing iris recognition software and door locks. It grabbed the attention of the financial industry after it introduced its algorithm at the first Demo Day held by the Financial Services Commission (FSC) in April 2015. Since then, the company has been getting calls from leading financial institutions to collaborate on developing iris verification algorithms for financial transactions.
This is how the fintech boom has changed the Korean start-up landscape. Low-profile algorithm developers in different areas are jumping into biometric verification, one of the most promising areas for Korea in fintech.
KTB’s bio-signature algorithm is based on bio-behavioral recognition technology. It verifies a user by writing behavior, including the direction in which a signature starts, finger pressure and speed of writing. Adding facial recognition to Smart Sign was for stronger security.
“If you only use one type of biometric information, it will be 2 percent short of perfect verification,” Kim Tae-bong, CEO of KTB Solution, said. “That’s why it’s desirable to use more than two types for stronger security.”
The company has as many as 50 financial companies as clients for its security programs.
In lieu of one-time password (OTP) tokens or security cards issued by banks, people in the near future will be able to choose to use their iris, signature or voice as legal tools to verify their identities and approve financial transactions via mobile platforms.
Remote identity verification is one of the most promising areas, and it’s attracting lots of research and investment. In Korea, face-to-face identity verification was a must for many financial activities until early 2015. That was lifted when the government decided to push fintech. Now, companies are developing new tools to verify a person’s identity with high accuracy.
The FSC wanted financial institutions to introduce other tools to make verification easier. But many of the conservative institutions have dragged their feet. Earlier this month, the FSC decided to scrap mandatory use of OTP tokens or security cards for online transactions or payments from June 30.
Biometrics are considered a very attractive alternative to the old tools, according to the industry.
The biometrics market can be basically classified into what part of the body you use as a verification tool: iris, fingerprint, face, vein or hand shape. Besides physical features, there are also ways to use so-called bio-behaviors like signing one’s name, speaking and walking patterns.
“As the mandatory use of authenticated certificates and other physical tools is going to be eliminated, the combined use of biometric information will be on the rise,” said an official at the Korea Financial Telecommunications & Clearings Institute (KFTC). “But it is up to the banks and other financial institutions to use them.”
According to data compiled by the Korea Institute of Science Technology Research, the global biometric market is estimated to grow to $11.7 billion this year, doubling from 2012. Korea’s market is projected to be around $265 million, up from $151 million in 2012.
“As the volume of online financial transactions is expanding rapidly, demand for faster and safer self-verification tools is going to be higher,” a researcher at the institute said.
Irience is in talks with BC Card, securities brokerage firms including Mirae Asset Daewoo, and a smartphone manufacturer to use its iris recognition technology.
“There are three local companies with iris recognition technologies, but Irience’s is 10 times more accurate than competitors,” said Phyun Heung-kook, general manager of strategic planning at the company, citing the Korea Internet and Security Agency, which certified Irience’s algorithm.
“Currently, the three iris verification companies are working on standardization of the verification algorithms, which will help banks and other financial institutions apply the iris verification technology more easily and widely,” Phyun said.
Power Voice has developed a speaker verification algorithm based on the global fast identity online standard, known as FIDO. The company is a voice recognition program developer started in 2002.
“Just say, ‘Pay with my voice,’” said Jeong Hee-suk, CEO of the company, talking to his smartphone. “There are too many numbers to remember for one payment, and it is dangerous to save them in any kind of servers.
“Even when you lose your smartphone, no one can imitate your voice or the way you speak because everyone has different vocal tracts and speaking patterns,” he said.
The company has completed a beta test for the application of the voice verification algorithm with BC Card. The leading Korean credit card firm will launch a new service later this month.
Banks and other credit card firms are planning to adopt biometrics within the year.
However, issues regarding the use of bio information remain. There are concerns about the possibility of hacking or theft, and it is costly to store bio information in a safe manner.
The KFTC is set to open a server exclusively to store biometric information in October, which should accelerate biometrics in Korea.
“Banks and other financial companies will be able to resolve both the cost and hacking issues with the new server run by a public institution, and use of biometric information will expand across the industry,” the official said.
Meanwhile, the Korea Information Certificate Authority, the exclusive provider of the old authenticated certificate, signed an agreement with KTB Solution last week to start providing the Smart Sign Certificate service within the year.
“Signature is an international verification tool,” Kim said. “With the agreement, financial institutions will start adopting Smart Sign later this year.”
But some security experts remain skeptical about the security of biometric information, and say maybe passwords are not headed for the dustbin quite yet.
“Many reports and studies from the United States suggest using biometric information as a supplementary tool for existing passwords,” said Kim Seung-joo, an information security professor at Korea University.
BY SONG SU-HYUN [email@example.com]