Secure Mobile Banking

©Veridium IP, Ltd. All Rights Reserved

Secure Mobile BankingWith Biometrics

B E F O R E W E B E G I N

Attendees have been muted

You may submit questions at any time, but we will respond at the conclusion of the presentation during the Q&A session


V E R I D I U M I N T H E W O R L D


David van DammePartnerships & Business

Developmentbunq

• Holds degrees in marketing management and international law

• Worked as a key account manager for Henkel before joining bunq

• Helps develop key partnerships at bunq to drive consumer-focused development



Asem Othman, PhDBiometric Scientist

• PhD in Electrical Engineering from West Virginia University. Post-Doc Fellow at Michigan State University

• Holds 3 patents/patents pending related to biometrics

• Lead scientist behind our 4 Fingers TouchlessID technology & Distributed Data Model using Visual Cryptography



• How we use biometrics for mobile security

• The challenge of securing mobile banking transactions

• Why bunq chose biometrics for user authentication

• The advantages of 4 Fingers

AGENDA

bunq goes beyond money.

That is why we bank different.

We focus on your great night out and cater to it.

• Our story

• What is bunq?

• Building solutions together

• Partnership with Veridium

• Why 4 Fingers?

Our Story

We receive our banking

license from the DNB

September 2014 January 2016

We launch IDEAL payments

with QR-codes

November 2016

Public beta: new features

Chat & Connect

March 2016

Business accounts launch

Minors accounts launch

with approval

April 2016

Our Story

Our Story

V2: quicker on-boarding

and many new features

May 2016 October 2016

Our own Maestro/Mastercard

connection

August 2016

First launch with an

innovation partner

November 2016

V3: Completely new design

Launch of a new app: Slice!

November 2016

More to come in

2017 :)

Social We make money social. Tuned in on group interactions.

Real-time We make money instant, with real-time transactions and settlement.

Banking license We provide security to all partners & customers. No fooling around.

Innovative We develop constantly to meet consumer wishes.

Software based We are software based so no need to invest in new hardware.

“We are not just a payment solution,

we create value propositions beyond money.”

What is bunq?

Building Solutions Together

Face vs. 4 Fingers

Main Benefits:

• Compatibility across devices [front vs. back camera]

• User threshold [selfie vs. ‘handy’]

• More control - dependency on external factors decreased

4 Fingers

User Feedback:

• “I prefer hand recognition because it always works!”

• “I like how it doesn’t attract weird looks, versus a selfie.”

• “It’s just cool!”

4 Fingers

Statistics:

• Amount of complaints of biometric ‘failure’ has dropped

significantly, about 80% - 90%

• 78% of users select 4 Fingers as their preferred authentication

method

• Amount of attempts before a successful authentication decreased

significantly

P R O V I N G I D E N T I T Y

Passwords only authorize access, while

authentication is the process of verifying the

claim that identity makes.

Identity is the “claim” you make to access information, but making that claim with a password doesn’t prove who

you are.

Only biometrics – your face, your voice, your fingerprints – prove you are who you say

you are.


We provide all the components necessary for a complete, end-to-end biometric

authentication solution that is flexible, secure, and enterprise ready.


• Matching on the device (FIDO compliant) or on the server

• Vectors stored on device, server, or distributed between the two

• IOS, Android, and Windows platforms

• Multiple plug-and-play biometric library

• Hosted on premise or in the cloud

• 2-way SSL communication between device and server

• Visual Cryptography for secure storage of biometric data

• Solution deployment scripts are obfuscated for additional security

• Integrates with Active Directory, Radius, LDAP, SAML, and NetScaler

• Admin dashboard for analytics and reporting

• Customer support

• Built on an open standard called IEEE 2410, supported by a working group which continues to advance this standard, future-proofing your investment


4 Fingers TouchlessID is a significantly more reliable biometric than other mobile-based solutions.

Capturing all four fingerprints at once increases the complexity of the data collected, enhancing overall security.

4 Fingers TouchlessID doesn’t require any additional hardware beyond a 5MP camera and LED flash, which nearly all smartphones already have, making it ready to deploy.



• Universality (Does every user have it?)

• Distinctiveness (Is it unique across users?)

• Permanence (Does it change over time?)

• Collectability (Can it be measured quantitatively?)

H O W T O C H O O S E A B I O M E T R I C T R A I T


• Performance (Does it meet error rate, throughput..?)

• Users Perception and Acceptability (Is it acceptable to users?)

• Vulnerability (Can it be easily spoofed?)

• App Integration (Can it be acquired by available devices?)

• Large-Scale Adoption ”Usability” (What is the post-usage attitude?)

H O W T O C H O O S E A P R AC T I C A L M O B I L E B I O M E T R I C T R A I T


• Multimodal Biometric system

• Consolidate the evidence presented by multiple biometric sources.

• Typically provides better recognition performance compared to systems based on a single biometric modality.

• Provides anti-spoofing measures by making it difficult for an intruder to spoof multiple biometric instance simultaneously.

Patent US 9,361,507


• False rejection rate (FRR) is as low as 1% at false acceptance rate (FAR) of 0.01%.

• 4 Fingers has its own light source (your phone’s flash) so it works in any lighting

condition

• 4 Fingers requires no external hardware.

• We just require a 5MP camera and LED flash.

• 4 Fingers is one of the most secure biometrics available.

4 Fingers is reliable in almost any environment


CO M PA R I S O N O F T O P “ M O B I L E ” B I O M E T R I C T E C H N O LO G I E S

(H=High, M=Medium, L=Low)

Biometrics Universality Uniqueness Permanence Collectability Performance Acceptability

Face H L M H L H

Fingerprint M H H M* H M

Iris H H H M* H L*

Voice M L L M* L H

4 Fingers TouchlessID*

H H H H H H

(H=High, M=Medium, L=Low)

Circumventions(Presentation

Attack)

H

M

L

H

L

Anil K. Jain, Arun Ross, and Salil Prabhakar. "An introduction to biometric recognition." Appeared in IEEE Transactions on Circuits and Systems for Video Technology, Special Issue on Image- and Video-Based Biometrics, Vol. 14, No. 1, January 2004.


PRIVACYAND

SECURITY RISKS

• Biometric data of an individual is often stored in a central database

• Raises issues related to security and privacy of biometric data

• Unlike compromised passwords, it is difficult to re-issue biometric data

• Cross-database matching may be done to track individuals

P R E S E R V I N G D ATA P R I VAC Y


O U R S T R AT E G Y – D I S T R I B U T E D D ATA


M AT C H I N G – M O B I L E / S E R V E R


• Visual Cryptography Scheme (VCS) is a simple and secure way to allow the secret sharing of secrets without any cryptographic computations.

• It is the encryption of visual information such that decryption can be performed using the human visual system.

• Someone who has no previous knowledge of Cryptography.

• The mathematical proof of this scheme and its perfect encryption are shown in the original paper by Naor & Shamir.

* M. Naor and A. Shamir, “Visual cryptography,” in EUROCRYPT, pp. 1–12, 1994.

V I S U A L C R Y P T O G R A P H Y


V I S U A L C R Y P T O G R A P H Y


SEE IT IN ACTION

www.VeridiumID.com/bunq

For more information contact: [email protected]

Phone: +1 877.301.0299 • www.VeridiumID.com • Twitter: @VeridiumID • LinkedIn: Veridium

UPCOMING WEBINAR

March 23, 2017

mailto:[email protected]

For more information contact: [email protected]

Phone: +1 877.301.0299 • www.VeridiumID.com • Twitter: @VeridiumID • LinkedIn: Veridium

QUESTIONS?

mailto:[email protected]