Over 60% in SEA want SMS OTP in every e-payment transaction: Kaspersky

• 67% users of digital banking, e-wallet apps prefer OTPs through SMS 
• 57% of respondents want two-factor authentication, 56% want biometric security features

A recent Kaspersky research showed that e-payment adopters in Southeast Asia (SEA) are becoming increasingly aware of the importance of safeguarding their financial data amidst the rapid rise of digital payment use in the region. 

Additionally, they are clear on the additional security features they hope to see implemented by banks and mobile wallet providers here, moving forward, the cybersecurity firm said, in a statement. 

Titled “Mapping a secure path for the future of digital payments in APAC”, the study discovered that over three in five (67%) users of digital banking and e-wallet apps in SEA prefer the implementation of one-time-passwords (OTPs) through SMS for every transaction.

The majority of the respondents also want to see the implementation of two-factor authentication or 2FA (57%) as well as biometric security features like facial or fingerprint recognition (56%), the survey indicated.

The implementation of OTPs is the top priority for consumers in most SEA countries, including Indonesia (67%), Malaysia (66%), The Philippines (75%), Thailand (63%), and Vietnam (74%), except Singapore where two-factor authentication is the most urgent concern (65%), it added.

Digital payment customers also welcome the use of machine learning in combating social engineering attacks, with almost half (40%) stating that companies should start preventing frauds/scams automatically based on spending behaviour and/or transfer history, it said.

In addition, the research highlighted that over a quarter (28%) also said tokenisation, the process of protecting sensitive data by replacing it with an algorithmically generated number called a token can also augment the security of mobile banking and e-payment applications in the region.

Yeo Siang Tiong (pic) general manager for Southeast Asia at Kaspersky said SEA's sheer market size in terms of digital payment offers a lengthy runway for expansion. 

“In a competitive sector, payment companies should be assessed not just on their innovations, but also on their security posture.

“We can draw from our findings that customers are increasingly becoming aware of the value of technology to protect their finances online.

“In general, these security features are useful preventive measures that can potentially enhance the cybersecurity standards in the digital payments space.

“However, these options should not be viewed in an isolated manner, but considered as part of a holistic cybersecurity framework,” he said.

The usage of two-factor authentication, for example, has its limitations, particularly when it comes to SMS-based authentication, he said.

Password-bearing SMS messages can be intercepted by a Trojan lying inside the smartphone, or by a defect in the SS7 protocol used to transmit the messages, making SMS-based 2FA unreliable at times, Yeo added.

In such cases, Kapersky said it would be advisable to employ self-contained authenticator apps, with SMS being used only as a last resort to limit a company's vulnerability to data breaches.

It added, with the complicated nature of securing apps and finances online, it is not surprising that over three in five (65%) of the respondents said that banks and mobile wallet companies should provide more incentives to maintain the security decorum such as changing passwords regularly. 

Another 60% noted that providers should educate users more about the threats online.

When it comes to choosing a mobile e-wallet provider, security remains a priority for digital payment users in SEA, the company said.

More than half (58%) said they will use an e-wallet that includes extra security features like fingerprint and 2FA while more than a third (37%) said they will use banking apps or mobile wallets from providers that have not been engaged in any previous data breach or cybersecurity attack, the survey stated.

It noted that a number of respondents also noted that mobile e-wallet has to be independent and can be used directly by a bank or through a third party (42%) or a closed one linked to specific merchants, where users can only use the funds to make payments for transactions initiated with the specific merchant (35%).

Other sets of considerations in choosing a digital wallet company which includes apps should offer promos, cashback, lower transfer fees (49%); provide anonymity so users don't need to reveal credit card details to too many merchants (35%); be bankless – bank account details not needed (25%); and be locally made (16%), the research indicated.

Yeo said in order to develop a long-term and sustainable growth strategy, digital payment companies need to take into account some of the wants and needs of their users. 

“Our study showed how customers are increasingly holding digital payment providers accountable to the security of their finances online so we suggest companies to determine the cybersecurity gaps in each stage of their payment process, and fit in the right IT measures in a calibrated manner,” he said.

To read the full report, please visit https://kas.pr/b6w8

The Kaspersky study was conducted by research agency YouGov in key territories in APAC, including Australia, China, India, Indonesia, Malaysia, Philippines, Singapore, South Korea, Thailand and Vietnam (10 countries).

The survey responses were gathered in July 2021 with a total of 1,618 respondents surveyed across the stated countries with respondents ranging from 18-65 years of age, all of which are working professionals who are digital payment users.