Mr Chai Chin Loon: Depending on the service providers' footprint and usage, it is estimated that they can also enjoy significant cost savings by leveraging Assurity's 2FA services.

National Authentication Framework (NAF) operator Assurity Trusted Solutions Pte Ltd was set up as a wholly-owned subsidiary of the Infocomm Development Authority of Singapore (IDA) in February this year. As it ramps up its services, its Chief Operating Officer Mr Chai Chin Loon, talks about how the NAF is offering service providers and consumers with a convenient, trusted and cost-effective means to secure their online transactions using Second Factor Authentication (2FA).

What are some of the major security challenges facing organisations today?
Attacks against online transactions are continuously increasing in frequency and sophistication. Keyboard loggers who steal one's password used to be the mainstay of attacks, but now the more sophisticated man-in-the-middle attacks are increasingly common, the most recent example being SpyEye, a malicious software that steals money from people's online bank accounts. SpyEye harvests credentials from online accounts and also initiates transactions right under the noses of logged-in users.

How does the NAF help address these challenges?
The NAF is a key programme under the iN2015 Masterplan which aims to deploy a nationwide platform for strong authentication. OneKey, Assurity's 2FA security device, was launched as part of the NAF programme. It includes three security functions - one-time password (OTP), challenge-response, and transaction signing. Typical 2FA transactions based on just OTP, either through a hardware token or SMS, can still be exploited by man-in-the-middle attacks in which a cybercriminal eavesdrops on the communication between the organisation and its customer. Transaction signing will require users to key in their transaction details, which provides an additional layer of security to detect any changes to the transaction details. One can imagine the transaction signing in OneKey to be like signing an online cheque.

How can organisations benefit from NAF?
All service providers can offer their end users the enhanced security and convenience of using just OneKey for two-factor authentication under the NAF programme. These include organisations such as banks, securities trading firms, healthcare organisations, ministries and statutory boards. As the NAF programme provides the first OneKey to qualified citizens and permanent residents for free when requested, and subscription fees for service providers are waived for the first two years of operations, organisations are encouraged to make use of NAF to improve the security of their online services.

OneKey, Assurity's 2FA security device, was launched as part of the NAF programme.

Depending on the service providers' footprint and usage, it is estimated that they can also enjoy significant cost savings by leveraging Assurity’s 2FA services instead of building their own in-house 2FA systems. Assurity can obtain such cost-effectiveness because we aggregate demand and achieve economies of scale through the use of a common strong authentication infrastructure. Another benefit is the convenience to their end users who can use just OneKey to access multiple online platforms.

How is Assurity driving the adoption of OneKey?
Our strategy is two-pronged – we will encourage service providers to adopt OneKey for the convenience and enhanced security of their end users. We are currently in discussions and testing with various organisations such as banks and securities trading firms. Thus far the response has been encouraging.

We will also raise awareness among end users of how they can better protect themselves against online fraud and identity theft with OneKey. To this end, we have planned a lunchtime roadshow at MapleTree Business City on 12 December 2012. A series of corporate talks and roadshows aimed at raising awareness of Internet security matters and OneKey have been planned for 2012. We have also launched a social media campaign on Facebook at www.facebook.com/okonekey comprising quizzes and a nationwide survey to stimulate discussions among Singaporeans about the security of their everyday online transactions.