A Lesson In Smartphone Identity Verification From HSBC

June 1, 2020

A Lesson In Smartphone Identity Verification From HSBC

A lesson in smartphone identity verification from HSBC

HSBC has always been among the most stringent of the Big Four Banks when it comes to security.

While TSB only ask for two typed passwords and a user name on the desktop, HSBC require a customer ID number, password and a passcode generated by a secure keypad. Where Natwest requires only a PIN to log into their app, HSBC maintained the same level of security as on desktop (it’s worth noting right here that Natwest also tops the list of worst banks for dealing with fraud – with a 62% rise in complaints over the past year).

So it’s of little surprise that HSBC customers have been among the first to experience SCA. Switching from keypads to smartphones, customers now create a Digital Secure Key on their phone. From there on in, they either tap in their password or use their fingerprint to verify their identity. This multi-layered approach is one of the most secure ways to harness smartphone ID verification. But that’s not to say that mobiles are without their problems…

The (multiple) problems with smartphones…

47% of consumers (or an estimated 100.6 million mobile phone owners) experienced at least one ‘mobile change event’ in the last year (e.g. changing their number).

  • Phone numbers are recycled: activating a phone with a new number with the aim of receiving a recycled number currently linked to a victim’s account.
  • Intercepting SMS: intercepting SMS messages, such as two-factor authentication messages relaying one-time passcodes (OTP).
  • SIM cloning: copying a SIM from a victim so fraudsters can impersonate a subscriber on the network and receive their incoming communication.
  • SIM swapping: fraudsters trick the call centre adviser into deactivating an existing user’s SIM and activating a device in their possession; this allows them to hijack mobile communication.

Account takeovers have increased by 31% in the past year (a figure that continues to rise)

Despite the issues with mobile, the risks are easily outweighed by the benefits in boosted security, especially when used to provide biometric information such as facial recognition or fingerprint ID. And a good thing, too, as consumers now have a clear preference for mobile…

89% of consumers use mobile banking (this rises to a huge 97% when we’re talking about millennials)

This brings us to a final point about mobile identity verification – using it shouldn’t feel painful. If it’s to serve as the business asset it should, customers should expend only minimal effort to enjoy the boosted security that smartphone ID verification provides.