Cybercriminals have already found ways to crack the SS7 protocol, while respondents were too reliant on e-vendors to protect their monies.
In a regional survey of 1,618 respondents in July 2021 across Australia, China, India, Indonesia, Malaysia, the Philippines, Singapore, South Korea, Thailand and Vietnam regarding attitudes towards online payments, customers were increasingly holding digital payment providers accountable for the security of their finances online, with 60% indicating that banks and payment companies should provide more incentives to encourage users to maintain good cybersecurity practices.
During the survey period, e-payment adopters in South-east Asia (SEA) were increasingly aware of the importance of safeguarding their financial data amidst the rapid rise of digital payment use, and 67% of respondents who used digital banking and e-wallet apps preferred the implementation of one-time-passwords (OTPs) through SMS for every transaction.
The overall findings include:
- 57% of respondents wanted to see the implementation of two-factor authentication (2FA), while 56% wanted to see biometric security features such as facial or fingerprint recognition.
- Implementation of OTP processes was most favored by respondents in the Philippines (75%), followed by Vietnam (74%), Indonesia (67%), Malaysia (66%) and Thailand (63%).
- In Singapore, two-factor authentication was the most urgent concern (65%).
- 40% of respondents had indicated that firms should start preventing fraud/scams automatically based on spending behavior and/or transfer histories.
- 28% of respondents indicated that ‘tokenization’ could augment the security of mobile banking and e-payment applications.
- 65% of respondents indicated that firms should provide more ‘incentives’ to users to change passwords regularly; 60% indicated that e-commerce providers should educate users more about the online threats.
- 58% of respondents indicated they would use an e-wallet if it included extra security features like fingerprint and 2FA; 37% indicated they would use banking apps or mobile wallets from providers that have not been engaged in any previous data breach or cybersecurity attack.
- For mobile e-wallet security, 42% of respondents preferred those that can be used directly by a bank or through a third party, while 35% preferred a closed e-wallet linked to specific merchants, where the funds are only usable for transactions initiated with those specific merchants.
According to Yeo Siang Tiong, General Manager (SEA), Kaspersky, which commissioned the study: “In a competitive sector, payment companies should be assessed not just on their innovations, but also on their security posture. We can draw from our findings that customers are increasingly becoming aware of the value of technology to protect their finances online. In general, these security features are useful preventive measures that can potentially enhance the cybersecurity standards in the digital payments space. However, these options should not be viewed in an isolated manner, but considered as part of a holistic cybersecurity framework.”
Yeo cited how 2FA has its limitations: password-bearing SMS messages can be intercepted by a trojan malware hiding inside the smartphone, or by a defect in the SS7 protocol used to transmit the messages, making SMS-based 2FA unreliable at times. “In such cases, it would be advisable to employ self-contained authenticator apps, with SMS being used only as a last resort to limit a company’s vulnerability to data breaches,” he said.