Concerns about biometric data theft and forgery.

According to a report on authentication experiences on banking applications in Vietnam, published on September 15th by VinCSS Cybersecurity Services Joint Stock Company, biometrics is taking center stage in the digital authentication trend in Vietnam.

Not only is it the most widely used method, biometrics is also considered by users of all ages to be the most convenient authentication method currently available.

Most used, most worried

Specifically, according to the report, 58.3% of users are using biometric authentication methods. This figure far surpasses the second most popular method, SMS OTP (one-time SMS authentication), which is only 12.1%. Following that are the methods: PIN code (9.8%), Smart OTP (6.6%), password (5.8%), etc.

However, the top three reasons why users are dissatisfied with the authentication experience on current banking apps all relate to biometrics.

Specifically, one in three users are worried about their biometric data being stolen or forged; and one in six people believe that biometrics are not reliable enough.

In addition, a quarter of users are concerned about their login information being stolen.

Specifically, out of 37 users, 1 reported having their account hacked due to authentication issues. This rate was higher among older adults, with 1 in 19 having had their account hacked for the same reason.

According to the report, most users of all ages are primarily concerned about where their facial and fingerprint data will go, where it will be stored, how it will be managed, and whether it could fall into the wrong hands.

Many users believe that biometric authentication is insufficient to protect their digital assets, especially in the context of the increasing number of AI-powered attacks, data breaches, and privacy violations today.

It's due to context, not technology.

According to experts from VinCSS, part of the reason stems from a lack of clear distinction between the role, implementation methods, and context of using biometrics in modern authentication systems. Biometrics is not always the primary key. Depending on how it is integrated, biometrics can be a standalone or supplementary form of authentication.

If used as a standalone authentication method, biometrics directly determines access, for example, fingerprint scanning to open a room door, or facial recognition to unlock a device. In this case, each time a user verifies their identity, the system compares the biometric data just scanned by the user with the biometric description data previously registered and centrally stored.

However, in many cases, biometrics only serves as a supplementary form of authentication for local verification, that is, an input interface layer that allows the user to unlock another authentication mechanism operating behind the scenes.

For example, many applications now use biometrics for automatic login. Users scan their biometric data to automatically send previously saved usernames and passwords to the system for identity verification and successful login.

Therefore, VinCSS experts believe that the risks in biometrics do not lie in the technology itself, but in the context of its application. The core of all biometric controversies usually revolves around the possibility of being stolen, forged, or bypassed.