Mashreq releases v4 of Snapp banking app

Source: Mashreq. From left: iPhone and Apple Watch displaying Snapp screens.

Mashreq, the UAE financial institution, has upgraded the mobile banking app Mashreq Snapp. Snapp v4 can now be accessed using the secure fingerprint login option for iPhone, and can also now sync with the Apple Watch. A new layout is designed for ease of use.

Aref Al Ramli, Head of Electronic Business & Innovation, Mashreq, said: “We took a bold step in animating the application which will provide best in class user experience. Snapp has never been just a standard banking app; the fingerprint access and sync with the Apple Watch are proof of Mashreq’s ability to break boundaries and deliver the best of today’s mobile world to customers. We understand that time is precious and convenience is what everyone seeks, therefore, we have updated our app to offer our customers the most innovated service solutions that can be integrated and accessed with just one touch.”

The authentication process by fingerprint enhances security and makes the login process easier and faster, Mashreq notes, while the sync function for the Apple Watch allows customers to get the latest updates on their account at a glance. Information that can appear on the smartwatch includes Mashreq Card offers, Salaam rewards, locations of the nearest Mashreq branches or ATMs and the latest Mashreq news.

“The fourth and newest version of Snapp boosts a stylish new appearance as well. Brighter, more contrasted colours will help users monitor their finances easily and accurately across accounts, as information becomes more visible to the user,” Al Ramli added.

Interested?

Download the app

SingPass 2FA verification process simplified ahead of July deadline

SingPass users can now set up their two-step verification (2FA), a requirement for using the Singapore online ID, with greater ease and convenience, the Infocomm Development Authority (IDA) has announced. The process was previously more complex. 

If users do not set up their SingPass 2FA, they will not be able to perform sensitive government e-transactions, such as Inland Revenue Authority of Singapore (IRAS) tax filing and accessing Central Provident Fund (CPF) statements. 

From 5 July 2016, over 100 e-services by government agencies, such as the Ministry of Manpower (MOM), CPF, IRAS and the Accounting and Corporate Regulatory Authority (ACRA), will require 2FA to perform e-transactions. This means that in addition to their SingPass username and password, users will need to enter a One-Time Password sent via SMS or generated through a OneKey token.

Jacqueline Poh, Managing Director, Infocomm Development Authority of Singapore, said, "We are consistently improving our e-services to ensure that they are as user-friendly as possible, without compromising security, such as enabling users to activate their 2FA via SMS. We encourage all users to set up their SingPass 2FA early so that they can continue to perform their government e-transactions safely and without any disruption.”

To confirm that they have set up their 2FA, users can log into their SingPass account, click My Account, followed by Manage 2-Step Verification. If they have not set up their 2FA, they will be prompted to do so.

Interested?

The IDA said users only need to:

• Log into their SingPass account and click Set Up 2-Step Verification (2FA) under the Quick Links section 
• Register for SMS or OneKey token via the SingPass website – after which, a pin mailer that contains an activation code will be sent to their registered address 
• Send the activation code to 78111 via SMS, or log into Assurity’s website, to activate their 2FA 

There is a wait of up to seven working days for a pin mailer to activate their 2FA before they can perform sensitive e-transactions.

The future of banking may include screenless ATMs driven by mobile apps

EyeLock, a provider of iris-based identity authentication solutions, and Diebold, a global provider self-service technology, software and services, have teamed up on a screenless, self-service ATM concept  that is more compact than traditional ATMs. A prototype called Irving is currently being tested by Citibank in the US.

The design of the new concept ATM does not have a PIN pad, card reader, or screen. Instead, all transactions take place via a mobile app on the user's smartphone. In addition to near field communication (NFC) and quick response (QR) code technology, the new system uses iris scanning from EyeLock to identify the customer once at the ATM.

"EyeLock believes that the age of carrying plastic cards and remembering passwords is just about over and the era of unfettered personal access through biometric technology is just beginning," said Anthony Antolino, Chief Marketing and Business Development Officer for EyeLock. "For banking and other applications, EyeLock's iris identity authentication solutions are not only highly secure, but very easy to use."

According to Frank Natoli, Executive Vice President of Self-Service Technology at Diebold, customers sign into their banking app on their phone or tablet and determine how much money they want to take out. Once the withdrawal is input, they then go to any EyeLock-equipped ATM on the network to complete the transaction. They would simply approach the machine, which identifies them through NFC, scans the iris of his or her eye to quickly verify identity, and the ATM dispenses the correct amount of cash. The whole process takes less than half the time of a typical ATM transaction today - with Irving, cash withdrawals can be completed in less than ten seconds.

"While digital channels are evolving, cash will continue to play an important role in consumer transactions," Natoli said. "That's where Diebold comes into play – to bridge the digital and physical worlds of cash in unprecedented ways through cardless transactions, mobile integration and faster, more convenient access. The Irving concept embodies a new era of banking and puts the user experience at the top of the pyramid to connect consumers with their money when and how they see fit." 

Citibank is in the early stages of testing the high tech ATM and plans to roll it out are still to be determined. "At Citi, we are always looking for innovations that simplify and enhance the banking experience," said CitiFinTech CEO Heather Cox.

Hashtag: #CES2016

ESET champions two-factor authentication for SMB security

Security specialist ESET has warned that small to medium-sized businesses (SMBs) are easy prey for cybercriminals, as personal data can be stolen from them relatively easily. A recent study from Javelin Strategy & Research notes that stolen personal data is driving a multi-billion dollar industry.

"Cybercrime has evolved greatly over the last 30 years. It started with viruses and evolved to hacking and malware. Today, identity theft is one of the most damaging threats to businesses in the region," said Lukas Raska, COO of ESET Asia. "All it takes is a single breach to bring an entire business to its knees and cause a huge inconvenience for those who have trusted businesses to keep their data safe."

"More and more we are seeing SMBs being targeted by this kind of attack," said Parvinder Walia, Director at ESET APAC. "There are a number of reasons for this. Firstly, unlike their larger counterparts, SMBs generally have lower budgets for cybersecurity, making them a lot easier to penetrate for today's sophisticated and often well-funded attacker. They are also less likely to have personnel whose key role is to protect that data. SMB websites are also often less secure, making them an easy access point for cybercriminals."

Recent research from Verizon has revealed that two-thirds (67%) of breaches investigated occurred in smaller organisations (fewer than 100 employees), which were often small, independent franchises of larger firms.
 

"It might look like hackers have a lot less to gain from hacking small businesses; however, in many cases, SMBs are in fact low hanging fruit, offering an easier and quicker way to access a much larger pool of vendors, partners, customers and more," said Walia.

Two-factor authentication, also known as 2FA, is a dual-step verification process that requires users to input not only a password and username (something known) but also a one-time code from devices such as mobile phones or secure tokens (something owned).

While a strong password may go some way in resisting brute-force attacks, one-time passwords generated by a 2FA system are randomly generated and cannot be predicted or reused, effectively adding another layer of protection during login.

"Given the limitations of password-only systems for SMBs, 2FA is presently the most ideal option for SMBs to reduce the risk of having their data stolen without the need to break the bank. Unlike large, complex and costly security architecture, 2FA serves as a scalable and cost-effective way to protect SMBs and their customers from identity and data theft," added Walia.
"2FA remains one of the most cost effective options for SMBs and other businesses, to protect against the loss of critical personal data that can lead to identity theft. The real cost of each breach is immeasurable, especially when there is loss of intellectual property, damage to the brand or disruption to the business. It's also critical however for businesses to make sure they have the correct organisational structures and protocols in place to further enhance security levels, no matter the size of their organisation," agreed Raska.

Walia noted that there is no 'magic bullet' against attacks, however. He recommends that SMBs exercise additional precautions in combination with 2FA in order to minimise the likelihood of a data breach, including:

* Making sure employees, partners and vendors, who are an organisations' front line in security, are aware of the relevant protocols in keeping their network secure, including the responsible use of social media and enterprise applications 

* Installing an effective endpoint security system that includes antivirus and anti-spyware software and a robust endpoint encryption solution that scrambles data on USB and optical media, emails, attachments and laptop hard drives 

* Empowering a member of staff to take charge of data protection as part of their role 

* Ensuring that all security software is up-to-date