Local telcos' support for Mobile Connect laudable

Last week, Singapore's Big Three telcos announced plans to jointly support Mobile Connect (MC), a global authentication standard that will allow their customers to access online services with just their mobile numbers.

It offers a simple and secure way for mobile users to sign in to websites and apps.

Using only one's cellphone number and cell phone to verify one's identity, MC decisively removes the need for usernames and passwords.

Its advantages are plain to see - and its potential is immense and far-reaching.

MC could majorly transform online transactions in banking, e-commerce, telecommunications, entertainment, government and travel services.

Solving a real problem

Just imagine the number of websites and apps you won't be able to access without usernames and passwords.

It's frustrating, MC says in its online pitch, that the more we use the Internet, the more login details we have to memorise.

Moreover, users sometimes log in to websites and apps using their social network login details (such as Facebook's) to avoid having to remember new usernames and passwords.

But more are worried about how much personal information such logins require and share, and whether their personal data will be used without permission.

A spokesman for MC says: "It gives customers simple, secure access on any device, negating the need to remember complex usernames and passwords and ensuring that they have control over what personal information is shared with digital service providers."

How safe is it?

The question is whether MC is secure enough to win over users and online service providers.

Compared to typical username-and-password schemes - where criminals may obtain a user's password and steal his identity - MC lets the user use his mobile number and mobile phone to verify his identity. MC says: "As you are the only person in possession of your phone, you are the only person who can log in."

But what happens if the user's mobile phone is lost or stolen?

MC suggests that the user calls his mobile operator to report the incident, after which his MC account will be blocked to ensure that it cannot be used to log into any website or app.

If a website or app requires higher security levels (such as that of a bank), the user will have to perform an extra step: enter a personal pin, which he has to memorise.

With MC, a customer now only needs to remember his personal pin and carry his smartphone with him - to conduct banking transactions.

No need for cumbersome and expensive physical tokens, or even one-time passwords.

Local banks, when asked by The Business Times about the viability of MC, mostly said that the technology is still very nascent and that there are no plans to adopt the standard as of now.

UOB, however, appeared to have identified the hassle of physical tokens early.

Dennis Khoo, the bank's head of personal financial services for Singapore, told BT that UOB was the first local bank to offer a digital token.

He said: "With UOB Mighty Secure, customers can make mobile banking transactions without having to toggle between the smartphone and the physical security token."

On whether UOB will support MC, Mr Khoo said: "Ultimately, innovative mobile solutions that align with the customer's changing lifestyle needs are a step in the right direction as it will bring greater convenience for them."

Needed: An ecosystem

The success of MC will depend on the number of participating online service providers, such as banks and even the government. BT understands that M1, Singtel and StarHub are already in talks with several interested vendors, with which they are evolving a commercial model for MC.

Clement Teo, principal analyst at research firm Ovum, says MC will make a good tool for e-government services.

Its low-friction authentication will lead to better engagement with users, and reduce the likelihood of users abandoning transactions due to authentication issues.

Mr Teo notes that while MC could potentially replace SingPass (which today is used by citizens to conduct personal and corporate e-government transactions), it wouldn't be anytime soon.

"Given the government's recent shoring up of security for SingPass, it wouldn't be replaced so quickly."

Nonetheless, that all three telcos here are supporting MC is laudable.

Today, India is the only country globally to have implemented this platform across all its telcos - enabling vendors to access all mobile consumers in the country.

It may be very early days for MC in Singapore, but it's an idea whose time has come.

This article was first published on December 06, 2016.
Get The Business Times for more stories.