A cashless, secure digital economy is supposed to herald more convenience for us consumers. It’s a hassle to remember multiple passwords, especially with the numerous sign-ins needed to book a taxi, get food delivered, shop online and transfer money. This is why announcements from Asian banks and financial institutes (BFSIs) on biometric developments are music to my ears. A few examples:
- Singapore announced the trial of a National Digital Identity Facial System.
- Indonesia’s Permata Bank became one of the first to introduce voice biometrics as part of its customer authentication protocol.
- Thailand is rolling out digital currency and distributed ledger technology (DLT) to enhance efficiency in the Thai financial market.
As Asian governments and BFSIs start implementing biometrics, it is vital to consider if this method of payment will go mainstream fast enough. In the meantime, there is a yawning gap between our relentless push for a cashless economy and careless user behavior.
The Cyber Hygiene Risk
VMware’s Banking Consumer 2020 survey revealed that 83 percent of consumers in Southeast Asia store sensitive financial data on online services, apps and subscriptions. Despite the rising uptake in cashless methods, poor cyber hygiene is rampant in the region.
In fact, Singapore has the lowest cyber hygiene, with 45 percent of respondents saying they use the same password and login.
As consumer cyber hygiene slips, enterprise cybersecurity must improve. The onus for securing data and financial information rests on payment operators, banks, financial services institutions and any other holders of vital data.
Building a Secure Foundation for the Cashless Digital Economy
On the front end, enterprises use basic cyber hygiene methods (patching, encryption, multi-factor authentication) to secure mobile access to digital wallets and financial information. But they also need to pay attention to security at the backend.
The current network infrastructure cannot address the security needs of an incoming explosion of connected devices and things, as well as the exponential growth of e-payment. To bolster network security, enterprises can adopt the principle of “least privilege.” This new approach leverages newer technologies, like virtual cloud networking, to achieve an intrinsically secure architecture. Let’s use an example from one of my favorite novels.
In the book Ready Player One, the protagonist hacked into a large organization’s database of sensitive information via his access to the company’s entertainment program. In this case, least privilege was not adopted, as his credentials provided much more access than was needed to watch TV. In the real world, such wide-open network access is all too common, and attackers can use it to reach funds and data.
In addition to access, the traditional approach to security also needs to change. Going after the bad actors in the system is akin to searching for a needle in a haystack. For example, the current method of chasing after arbitrary forms of malware is, in most cases, a losing proposition, as many types of malware have the primary goal of escaping detection. A better approach is to focus on “known good”—ensuring that the code running on enterprise systems is the correct code that was provisioned to run, and nothing more.
These algorithms can be trained with reference datasets to monitor known-good behavior. They can then alert or take other pre-emptive actions when unexpected behavior is observed.
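One way to apply the “known good” approach described above, as an added example that is not from the original article: hash every file at provisioning time, then report anything modified, unexpected or missing. The file names and the manifest layout are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record the provisioned state: relative path -> SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def audit(root: Path, manifest: dict) -> dict:
    """Compare what is on disk now with the known-good manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "unexpected": sorted(set(current) - set(manifest)),  # the "nothing more" part
        "missing": sorted(set(manifest) - set(current)),
    }


def demo() -> dict:
    """Constructed sample: provision two files, then change the tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "payment-svc").write_bytes(b"release build 1.0")
        (root / "bin" / "ledger-sync").write_bytes(b"release build 1.0")
        manifest = build_manifest(root)  # taken at provisioning time

        (root / "bin" / "payment-svc").write_bytes(b"release build 1.0 + patch")
        (root / "bin" / "helper.sh").write_bytes(b"#!/bin/sh\n")
        (root / "bin" / "ledger-sync").unlink()
        return audit(root, manifest)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The manifest is only as trustworthy as the place it is kept, so store it (or a signature over it) off the monitored host.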
A Promising Future for the Secure Digital Economy in Asia
As we step into an IoT and hyper-connected future, the number of connected devices with access to our bank and payment details will rise. BFSIs, e-payment operators and governments must approach security as an integral part of their infrastructure, not bolt security on as an afterthought. For consumers, we get the convenience promised by the cashless economy. For businesses, we get the security that protects growth, establishes trust and builds a future of possibilities.