ShopeePay, Gojek, and Grab Use Biometric to Increase Security

A payment technology (fintech) company, ShopeePay, launched a biometric-based security feature, facial and fingerprint recognition. This was first implemented by Gojek and Grab. Alfons Tanujaya, a cybersecurity expert at Vaksincom, said this feature increases the security of the digital platform.

However, “this will be effective as long as security methods such as One-Time Password (OTP) codes and SMS are properly maintained and data is not leaked,” he said, Monday (26/10). Therefore, users need to be educated on the importance of maintaining data “If fraudsters take advantage of social engineering modes, there will still be hacks (if consumers are careless),” he said.

Meanwhile, a cybersecurity researcher from the Communication Information System Security Research Center (CISSReC) Pratama Persadha said the adoption of biometric features shows an increase in security standards. However, facial and fingerprint recognition data need to be maintained.

“The data is stored on each user’s device. Does it need to be uploaded to the platform server? Maybe it’s different in each company,” said Pratama, last weekend (22/10). “Don’t let the data leak.”

Can Recognize User Habits

The biometric feature also uses an algorithm that can recognize user habits, so it must be secured. “This data is used as a password, so it must be encrypted,” he said. In addition, he agreed that users need to be educated regarding the security of personal data. “This is because the practice of deception with social engineering is still quite large in the country,” he said.

Based on research by a technology company from the United States (US), Microsoft, the mode of cybercriminals has become increasingly sophisticated in the past year. The technique is opportunistic, adjusting the theme of the feed to the attention of the world community, such as sending a link titled the corona pandemic.

Perpetrators began to switch from malware to attacks with social engineerings, such as fraud or phishing. Some of them send emails with displays that mimic well-known brands like Amazon, Apple, and Zoom. Therefore, Microsoft assesses that the company must pay attention to application security from the endpoint, network, to the user.

Meanwhile, a report from The International Criminal Police Organization (Interpol) in 2020 shows that Southeast Asia has been targeted by cybercriminals using social engineering, also known as psychological manipulation (magical). The police also noted that there were 649 reports related to online fraud since the beginning of the year.

In the midst of the Covid-19 pandemic, fraud with a magical mode is also on the rise. Based on the ISACA report entitled Global State of Cybersecurity 2020: Threat Landscape and Security Practices, cybercrime with a magical mode reaches 15% of the total.

Many Companies Increase Security amid the Increasing Fraud Mode

Amid the increase in online fraud, ShopeePay launched a facial and fingerprint recognition feature last week. This adds to the existing security system, namely the OTP code, PIN, and automatic notification.

Gojek also applies it similarly by relying on artificial intelligence (AI) to algorithms. AI learns user habits. From the info studied, AI identifies various sorts of illegal use of applications. The face verification feature is claimed to ensure the suitability of driver-partner data and knowledge.

It can also increase the security of partner accounts from potential abuse. For merchant partner accounts, Gojek applies layered security, namely PIN, OTP code, and GoBiz user management features.

A number of these technologies were developed considering that Gojek has more than 20 services, one of which is related to finance, namely GoPay. The application has also been downloaded 190 million times, which is an illustration of the number of users. Meanwhile, the number of driver-partners is two million and sellers are 500 thousand more.

Grab first launched a face verification feature last year. They also provide an emergency button, share travel information, report safety issues, emergency assistance, and Free Call (VoIP). Decacorn from Singapore also adopted AI. This Singapore-based on-demand service provider is implementing Grab Defense to mitigate the risk of cybercrime, including magical fraud.