Indonesia's digitalization trend is increasing by the presence of innovations in the financial sector disrupting conventional finance businesses. The changes in financial services in consumers' new experiences demand fast, efficient, and secure seamless experiences. The trend of fintech services gross transaction value is about $620B and is predicted to increase to $1200B and the second largest transaction in lending services with a predicted lending loan book of $92B in 2025. However, behind the convenience provided by fintech services, there are dangers of personal data that are detrimental to Fintech users. The Open Web Application Security Project® (OWASP) naming Authentication in the top 10 vulnerabilities and top 10 mobile risks, respectively, in the 2013 and 2017 assessments.
Regarding the determination of security and usability, it is necessary to analyze the performance of one of the methods that can be implemented for user authentication. The fingerprint processing time is 18.24 milliseconds, and the facial recognition processing time is 31.83 milliseconds. The average fingerprint accuracy rate is 91.64% and the average facial recognition accuracy rate is 91.82%. This number exceeds the minimum standard due to NIST research and Google's Android set is 90% of accuracy. In the simulation, two stages of authentication were carried out, of which the second stage could only be carried out if the password authentication was successful. The use of two-factor authentication for processing ensures that the user is represented when authenticating, which is hard to fulfill by the password-based and token-based authentication.
In business terms, a market survey of 350 respondents was conducted. The number of payments fintech users is 95% and for loans is inversely proportional, only 24.6% of the total number of respondents. The mobile phone devices used by financial technology service users are mainly mobile phones with fingerprint functions. This is because the penetration rate of mobile phones equipped with facial recognition is still far lower than the penetration rate of fingerprints that have been implemented in low-end mobile devices. Only 13,4% of respondents are unwilling to spend time on data security, it might be due to the unreliability of the system in the implementation process and factors outside of this investigation, such as the mobile phone device and the user's cellular network.
Government regulations and Bank Indonesia regulations already cover the fundamental standards for the protection of user data, hence the technical standards for implementing biometrics and factors Two-way authentication can be explained further in the regulation.