TEMPO.CO, Jakarta - PT Indonesia Digital Identity (VIDA), a digital identity provider, has launched a new authentication technology to safeguard digital transactions in the banking and other financial services sectors. VIDA Group's founder and CEO, Niki Luhur, stated that this innovation is a response to the increasing cases of fraud using the Account Take Over (ATO) modus operandi.

"This launch is in line with VIDA's latest whitepaper findings revealing that 97 percent of companies in Indonesia have experienced an Account Take Over incident in the past 12 months, mostly caused by phishing and smishing attacks," said Niki during the presentation of the 'authentication and account takeover situation in Indonesia' research at Lavva Plaza Senayan, Jakarta, on Wednesday, February 5, 2025.

Account Take Over (ATO) is a cybercrime that illegitimately seizes user accounts. The perpetrators use stolen usernames and passwords to access the victim's account.

Through the research, Niki found that ATO fraud is rapidly increasing due to the lack of digital literacy among users and the weak security measures by service providers. According to her, traditional verification methods currently used such as Short Message Service (SMS) or One-Time Password (OTP) are no longer effective in combating present digital threats. Niki mentioned that the OTP method is outdated for countering new forms of crime.

"Furthermore, security systems like OTP are already 30 years old. Imagine fighting modern enemies with ancient weapons," she said.

Building on this research, Niki concluded that Indonesia needs stricter authentication technology that cannot be accessed by any malware. Therefore, she and her team developed an authentication technology named VIDA. Unlike OTP, which merely generates a 6-digit unique code and sends it via SMS, email, or mobile apps, VIDA verifies account ownership by combining biometric and cryptographic technologies simultaneously.

Niki explained that account owners who intend to make transactions or simply open an application must pass through two stages: Phone Token and Face Token. Phone Token is a cryptography key bound to the user's device. This method eliminates the risk of attacks exploiting SMS-based OTP by not sending one-time passwords.

Furthermore, users also have to pass a face token to access digital financial services. Face Token combines Public Key Infrastructure (PKI) with facial biometrics and activity detection. This feature ensures only legitimate users can access the account.

"Users have to show their face first to access the service. Only the genuine owner has access to their own face, making it impossible for malware to take over," Niki explained.

Niki hopes that many institutions and financial services will adopt this innovation, especially industries handling high-value transactions like e-commerce platforms, insurance providers, and multi-finance institutions.

Editor’s Choice: As Online Lending Grows, So Too Does Cybercrime

Click here to get the latest news updates from Tempo on Google News