Preventing Unauthorized Access: Liquid's Innovative Security Plan for Online Securities Accounts

Liquid's Innovative Security Plan to Combat Unauthorized Access

Liquid, led by CEO Takaki Hasegawa and headquartered in Chuo, Tokyo, has launched a groundbreaking initiative to strengthen security measures within the securities industry. This comes in response to alarming trends of unauthorized access and fraud, which have collectively exceeded 300 billion yen over the last four months. The new plan uniquely combines biometric authentication with a binding technique that securely links the account holder's smartphone or PC to their identity.

Background: Rising Fraud in the Securities Sector

The Japanese Financial Services Agency recently reported a surge in fraudulent transactions, with unauthorized trading amounts rapidly rising since January. Cybercriminals are increasingly resorting to phishing and malware strategies to hijack online securities accounts, executing unauthorized trades under the guise of legitimate users. This has resulted in significant losses for individuals whose accounts have been compromised.

The Challenge: Risks Associated with One-Time Passwords

In light of these threats, the securities industry is adopting multi-factor authentication methods, including one-time passwords (OTPs). However, the challenges associated with these methods are becoming evident, as they are also vulnerable to phishing attacks. Reports indicate a substantial rise in fraudulent transfers, especially due to real-time phishing of both traditional passwords and OTPs. Notably, the U.S. National Institute of Standards and Technology (NIST) has classified these practices as risky and advised against their usage in high-risk scenarios. Furthermore, the Cybersecurity and Infrastructure Security Agency (CISA) has also highlighted the inherent vulnerabilities of SMS-based OTPs, advocating for alternatives that exhibit phishing resistance, such as FIDO standards.

Introducing Liquid's Solution

Liquid's new security plan integrates passwordless authentication through passkeys with biometric verification. The system provides a seamless login process, allowing users to authenticate through facial or fingerprint recognition rather than relying on traditional usernames and passwords. This approach not only enhances user convenience but also strengthens defenses against phishing attempts.

How the Passkey System Works

The passkey system identifies legitimate users based on information registered on their smartphone or PC, allowing easy access through biometric methods. The user experience mimics that of unlocking a phone, thus minimizing complexity while maximizing security.

What Is Binding?

Binding plays a crucial role in this security framework. It ensures that when a user registers a passkey or switches devices, their real identity is confirmed against previously verified data, such as name, date of birth, and biometric data. By cross-referencing these data points, Liquid effectively deters malicious actors from misusing stolen credentials to register passkeys on unauthorized devices. The verification technology stems from ELEMENTS Group's experience with over 130 million identity confirmations, enhancing the reliability of the binding process.

Binding Techniques

Liquid offers two binding verification methods:
1. IC Chip Validation: This method reads the IC chip from identification documents like driver’s licenses or my number cards to verify personal details against those registered during account creation.
2. Facial Recognition: Users can authenticate their identity through selfies, which are then matched with previously registered facial images, ensuring consistency and security.

Pricing and Availability

The cost for utilizing the passkey system starts at just 1 yen per user per month (excluding tax), making this advanced security solution accessible to a broad audience of investors.

About Liquid

Liquid, established in December 2018, focuses on biometric data and behavior analysis, offering advanced solutions such as LIQUID eKYC, LIQUID Shield, and LIQUID Auth. Their services contribute to a safer and more secure online financial landscape, particularly in the realm of securities transactions. For further information, visit the Liquid website.

Conclusion

Liquid's innovative approach to combating unauthorized access within the securities industry sets a new standard for security. By blending biometric authentication with robust binding methods, Liquid is paving the way for a safer environment for online investors, ensuring that their assets remain protected against the rising tide of cybercrime.