Thursday, September 06, 2018

Authenticate a person through the telephone

We should use the NRIC widely to identify a person. This is an advantage of the Singapore system that should be kept.

The NRIC should not be used to authenticate a person. The authentication should be using a password and, if needed, a 2FA (two factor authentication).

We need a way to authenticate a customer of a bank or other commercial entity.

The NRIC can be used to identify the customer. What is a convenient way to authenticate the customer?

The banks use a cumbersome way. They ask several questions, including some troublesome one. One such question is - how many accounts do you have?

What can be done to simplify it?

It depends on the type of inquiry or transaction that the customer wants to make.

If the customer is making a general inquiry, such as the interest rate on fixed deposit, there is no need to authenticate the customer.

If the customer is asking about some account information, such as the maturity date or amount of a fixed deposit, a low level authentication should suffice. A good way is for the bank staff to call back the customer on the mobile phone.

There is the risk that the mobile phone may be stolen by a thief who is making the inquiry. But the information is not really critical.

Another way is for the customer to register a 6 digit PIN. This is a separate PIN from the PIN used in the ATM. This PIN is available for the bank staff to view to authenticate the customer.

For example, if I call the bank and quote my NRIC number (to identify the customer) and the PIN, it should be quite safe.

If a higher level of authentication is needed, the bank staff can call back the customer.

I hope that the people in charge of the Smart Nation can recommend some practical measures for banks and commercial companies to adopt in authenticating their customers over the telephone.

No comments:

Blog Archive