Interview: “Convenient security without compromise”

• The challenge of security solution providers is balancing access and user experience with security
• Chau explained that V-Key’s solutions are anchored by the security of their patented V-OS, which has virtual tamper-proof secure element
• He also believes V-Key's partnership with Ant Financial will help the company scale up its operations

The fintech environment in Asia has become more vibrant as mainstream financial institutions are starting to engage start-ups and even their own staff is encouraged to develop solutions to answer business and customer’s increasingly complex problems. An area of growing concern, as banking products and services move increasingly into the digital space, is cyber security.

The activities of criminals and fraudsters are becoming more sophisticated and insidious, using very clever and often simple social engineering techniques to compromise even the most advanced security features.

Addressing security needs
The challenge of security solution providers is not just one of preventing an attack, this can be done simply by restricting access, but by balancing access and user experience with security. “We can create the most secure systems, but these become closed systems that nobody can or want to use because it will be so difficult to use. Instead, V-Key chooses to look at the issue from the customer’s perspective – our goal is convenient security without compromise. Applying new technologies in cryptography and biometrics to meet the security challenges has enabled a great improvement in the user experience,” remarked Eddie Chau, co-founder and chairman of V-Key.

V-Key is one of a growing number of start-ups that has focused its attention on this area. Seeing the pace at which enterprises and consumers were embracing mobile technology, the Singapore-based company was set up in 2011 with two other co-founders; CEO, Benjamin Mah and CTO, Joseph Gan, both veterans in the cyber security space.

It has developed universal solutions for both Apple’s IOS and Android operating systems and focused on providing an alternative to existing multi-factor authentication systems that rely on costly and cumbersome features such as SMS or hardware tokens, to secure transactions. It also developed a patented technology called, V-OS, Virtual Operating System, which provides a tamper-proof virtual hardware container for secure cryptographic processing and the storage of cryptographic keys.

Chau explained that V-Key’s solutions are anchored by the security of their patented V-OS, which has virtual tamper-proof secure element. He described V-OS as a “hardware grade solution in software” that replaces the smart chip and obviates the need for external multi-factor security measures such as SMS, hardware tokens and PINs, all whilst complying with or improving existing security standards for smart chip technology. Chau went on to explain that V-OS has enabled the foundation for a number of specific solutions to safeguard the mobile and digital environment for banking, payments and identity. For instance, V-Key’s V-Tap product is a virtual authentication token, secured by V-OS, that can be integrated into any existing mobile application as a standalone programme.

At the application level, the company has developed V-Guard that integrates multiple mobile applications to secure them against advanced persistent threats, including hackers, trojans, and rootkits.

In the detection and surveillance area, a critical pillar of any cyber security framework, the company has also developed V-Track which is designed as a mobile threat visibility and command and control system. Enterprises can configure the security policies for applications protected by V-Guard, as well as perform over-the-air policy updates. It collects real-time mobile application threat information and ensures that these applications continue to remain secure.

According to Chau, V-OS is currently deployed by top banks, mobile payment providers and governments globally. One such user is DBS which uses the solution in its standalone digital bank in India, Digibank.

Key partnership
In November 2016, V-Key entered into a collaboration with Ant Financial, the financial services arm of Hangzhou-based e-commerce giant Alibaba. Under the deal, V-Key will secure transactions on AliExpress, one of Alibaba Group’s international retail ecommerce platforms. It will also provide cryptographic services and trusted environments to further protect payments processed by Alipay on AliExpress by enabling risk management for each transaction. Ant Financial had injected a $12 million series B funding into the company in 2014.

Speaking about the transaction, Chau commented: “AliExpress has 30 million mobile wallets internationally and they are growing globally so this is a great opportunity for us to scale up our operations as we support not only the banking industry, but also e-commerce players and payment gateways.”

Besides AliExpress, Chau identified the legacy replacement segment as an area of growth. “SMSs and hard tokens are expensive and inefficient to operate and not as secure, it is a no-brainer that the ‘hardware in software’ solution will be the way to go,” he quipped.

Asked about the future development of V-Key and possible exit strategies for the founders, he answered: “I don’t think we have the time to think about it yet.”