Digital wallets: how do Peruvian banks protect their users’ data?

The arrival of the pandemic brought with it great changes in the field of technology. While some had a brief step in people’s lives, others are here to stay and, better yet, expand. This is the case of the digital walletsbecause even after two years, many users continue to opt for this payment method when making a purchase.

In Peru there are certain payment apps developed by banks. On one side is Tunki, the Interbank application. Then this Plin, a function available in the Scotiabank, Interbank, BBVA, BanBif, Caja Arequipa, Caja Sullana and Caja Municipal Ica apps. and it’s also Yape, the application of the Credit Bank of Peru (BCP). All of these offer the user the possibility of charging and paying not only to other people, but also to stores and warehouses from their smartphone.

The latter is one of the digital wallets that has the largest number of users. Currently, the platform has more than 10 million registered yaperos, according to Raimundo Morales, general manager of the application. He told El Peruano that they carry out more than 88 million transactions per month. In fact, in the pandemic alone, the company managed to grow more than 200%. By April of this year, Tunki reported 1.7 million users and, at the end of 2021, Plin had 4 million.

LOOK: WhatsApp: hackers could be stealing your account through voicemail

After a visit to the website of each app, we were able to realize that they share a common factor: all three claim to protect the data of their users. We know that each bank has different ways of doing it, so this time, taking into account the scope of the application, Trade spoke with Yape to find out what some of its security systems are and with a cybersecurity expert to help us define them.

The use of encrypted keys

In addition to having an identity and access management service for the application, Yape also uses key encryption technology to protect your users’ passwords. Lucía Barrantes, leader of experience and attention to the yapero, pointed out that the keys “They are stored encrypted, respecting good practices for safeguarding critical information.”

In this regard, Mario Micucci, security researcher at ESET Latin America, defined them as “keys that require conversion of data from readable to encrypted format and can only be read or processed after decryption.”

For the expert, the use of this technology provides a mechanism so that the keys cannot be literally interpreted by third parties.

LOOK: 5 recommendations so that the WhatsApp backup does not take up so much space on your cell phone

The importance of code validation tests

Barrantes stated that during each phase of the software development cycle, “deployments go through code validation security tests” in order to minimize the possibility of information theft.

Code validation, according to Micucci, helps protect access to various systems. “If a supposed attacker managed to obtain our password to access our system by some means, and we used a second authentication method, the attacker in this situation would be frustrated since without this second validation he would not be able to enter the system”exemplified.

LOOK: Google Play introduces ‘archived applications’, the function to free up space on your cell phone

The Application Security specialist, a key player

Yape had many specialists in the development of the application. Some of them from the area Perimeter Security, Cybersecurity, Fraud Prevention and Application Security. While all are very important, this last one is vital.

According to Micucci, the specialist in Application Security takes care of provide layers of security at different stages of development. “This situation minimizes the possibility of vulnerabilities in the final development of the application and, for this very reason, it is very important to have them”he pointed.

Likewise, the expert mentioned that although some companies carry out security audits on their apps to detect vulnerabilities, “It is much safer and cheaper to start this process from the initial phase of development.”

LOOK: They discover a Trojan that is capable of stealing WhatsApp accounts and making paying subscribers

The use of facial recognition for user registration

In 2021, the application included facial recognition as a new security measure at the time of user registration. Barrantes stated that this implementation not only makes sure to validate the likeness of the client, but also to confirm that it is a real person and not a photo or video.

Mario Micucci defined facial recognition as a system that verifies if the user is who they say they are and not someone else. “This mechanism identifies the user through an analysis that compares the user’s facial characteristics with respect to the one loaded in the access database previously configured by the user who is trying to authenticate”he indicated.

Although there is no exact percentage of the level of security that it grants, facial recognition is a more complex system to break compared to passwords.

Facial recognition is one of the most complicated mechanisms to violate. (Photo: Reference)

LOOK: Samsung presents its blockchain system to protect its devices

How to protect our money from a cyber attack

Although the applications use different mechanisms to keep their users’ information safe, it is important to take into account certain points in order not to fall for an online scam.

First of all, in addition to not sharing passwords, the importance of not connecting to a WiFi network when the app is in use.

Micucci pointed out that it must be taken into account that there is another person managing the network and, therefore, is in control of the data that circulates through it. “Every time we connect to a network we must be aware of who is on the other side and, above all, what operations we are going to execute. Perhaps connecting to an unknown network to perform a query through Google could be an option, but not for us to access our home banking or systems where confidential information circulates”.

On the other hand, he also recommended the creating “strong passwords” and changing them from time to time. In addition, he stressed the importance of using the second authentication factor that applications provide in conjunction with their privacy policy options. “Today, it is a good option to have reliable security solutions on our devices that advocate for the protection of our information”he added.

Source: Elcomercio