OTPs Beware: The Era of Passkey Security is Here

G+D, which has been in business in India for more than 20 years, has developed along with the payment ecosystem to provide safe options for both digital and physical transactions.

With a rise in contactless transactions and changes in consumer behavior, the COVID-19 pandemic has had a substantial impact on the uptake of and trust in digital transactions. For people who are not familiar with digital technology, PINs, passwords, and one-time passwords (OTPs) are not very safe. Instead, FIDO passkey technology provides a more reliable option.

Giesecke+Devrient (G+D) is a company that provides digital security services, currency technologies and financial platforms.

They concentrate on card-based and digital payment solutions, which are the two forms of payment that customers are using more and more. The business expects physical and digital transactions to converge, with the lines between the two becoming increasingly hazy. G+D is now a one-stop shop for digital payment services, providing excellent user experiences and extremely safe solutions. For instance, G+D improves the security and ease of use of e-commerce for customers.

The German business G+D is based in Munich and has offices for currency technology, card personalization, worldwide software development, and sales and support in Pune, Gurugram, Chennai, and Mumbai. For more than 20 years, the company has operated in India.

G+D started collaborating with the Central Bank in 1999, following the implementation of the clean note policy. They provided the RBI with banknote processing equipment so they could verify the notes’ quality and authenticity. Later, they expanded their services to include commercial banks. The note sorting devices used in the money chests are manufactured by G+D. As the payment ecosystem developed, the company launched new services both in India and internationally.

The pandemic’s impact on the landscape of digital transactions

The Head of Digital Solutions at G+D, Tapesh Bhatnagar, discussed the state of digital payments in India with us. Our initial inquiry concerned how the COVID-19 epidemic was affecting online purchases.

“We all went through it not just as a solutions provider, but also as users. We could see that there was a surge in contactless transactions in India as well as across the globe. All the payment forms which were created by the government and by the banks before the pandemic, really got an upsurge. So we all know about UPI, so the upsurge of UPI usage actually happened during the pandemic.”

– Bhatnagar

In addition to accepting digital payments, users in India became accustomed to using the technology.

“What is also important to note as far as the pandemic is concerned is the behavioural change which has happened as far as digital payments are concerned among the people of India. Smartphone penetration is at a very high level, and people were able to make payments to merchants through QR codes. They have developed the trust in the technology, in the process. Today, a lot of people can just walk out of their homes without even carrying a wallet. This is a behavioural change that has happened. This change has come about because of the pandemic, when people were forced to use contactless payments.”

– Bhatnagar

OTPs, PINs, and Passwords are shared secrets.

One of the main issues with digital transactions is that people who are unfamiliar with them may not fully understand the risks they face. Users are inundated with messages via SMS and instant messaging apps, and may find it difficult to distinguish genuine messages from fraudulent ones.

Links in messages can be used to download malware, such as ransomware or spyware, which can subsequently be used to take advantage of the user. Improving client awareness is not the only way to address the issue; fraud can also be prevented by implementing better technologies.

“The adoption has occurred among varied segments of users, who have their own levels of awareness as far as best practices and security is concerned. Banks as well as regulators are spending a lot of money in advertisements to create this awareness among the general public. That is one way. What we have also taken into account is that some of the technologies which have been implemented are rather weak. We are talking about passwords, PINs, OTPs, these are shared secrets, which can be intercepted in between, and can easily be phished. While there was a good adoption which was happening, these innocent people who were joining the digital bandwagon for the first time, they were getting defrauded. So it is important for organisations to get model forms of authentications, which are possible, and which are becoming global now. We can look at that and adopt that for different use cases and different segments of people, and then create a better customer experience, as well as a better overall security framework.”

– Bhatnagar

Fast IDentity Online (FIDO) is an open-standard passkey technique that has been under development for more than a decade, and it can provide credentials that are resistant to phishing attempts.

Among the companies that make up the FIDO Alliance are Amazon, Apple, Google, Intel, Infineon, Mastercard, Meta, Microsoft, Lenovo, Qualcomm, Samsung, Visa, Trustkey, and LastPass.

The FIDO collaboration includes technology firms, original equipment manufacturers, chip producers, and banking services. The fact that FIDO has no shared secrets sets it apart from other technologies, and it is gaining traction globally.
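The difference between a shared secret and a FIDO-style credential can be shown by letting one server check both. The Go program below is an added example, not code from G+D or the FIDO Alliance, and it is a simplified model rather than the FIDO wire format: the origins, the function names, the HMAC-derived code standing in for an OTP, and the choice of Ed25519 are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed placeholder origins (assumptions, not from the article).
const bankOrigin, lookalikeOrigin = "https://bank.example", "https://bank-login.example"

// otpCode derives a short code from a secret held by both the server and the user's device.
func otpCode(secret []byte, counter string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(counter))
	return fmt.Sprintf("%x", m.Sum(nil)[:4])
}

// serverAcceptsOTP cannot tell where the code was typed: whoever presents it passes.
func serverAcceptsOTP(secret []byte, counter, code string) bool {
	return hmac.Equal([]byte(otpCode(secret, counter)), []byte(code))
}

// signAssertion models the authenticator: it signs the server's challenge together
// with the origin the client actually saw. The private key stays on the device.
func signAssertion(priv ed25519.PrivateKey, challenge []byte, seenOrigin string) []byte {
	return ed25519.Sign(priv, append([]byte(seenOrigin+"|"), challenge...))
}

// serverAcceptsAssertion holds only the public key and verifies against its own origin.
func serverAcceptsAssertion(pub ed25519.PublicKey, challenge, sig []byte) bool {
	return ed25519.Verify(pub, append([]byte(bankOrigin+"|"), challenge...), sig)
}

// demo reports whether the server accepts each credential, wherever it was produced.
func demo() (otpOK, relayedOK, genuineOK bool) {
	secret := []byte("constructed-shared-secret")
	otpOK = serverAcceptsOTP(secret, "ctr-1", otpCode(secret, "ctr-1"))
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	challenge := make([]byte, 32)
	rand.Read(challenge)
	relayedOK = serverAcceptsAssertion(pub, challenge, signAssertion(priv, challenge, lookalikeOrigin))
	genuineOK = serverAcceptsAssertion(pub, challenge, signAssertion(priv, challenge, bankOrigin))
	return
}

func main() { fmt.Println(demo()) }
```

The server accepts the OTP regardless of which site the user typed it into, rejects the assertion that was signed for the look-alike origin, and accepts the one signed for its own origin.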

“In India, people are also looking at it (FIDO). Hopefully, they adopt it sooner rather than later, to give a better customer experience to the user, and save them from account takeover kind of frauds.”

– Bhatnagar