The high prevalence of malware in Brazil, especially in the banking sector, has led to an increased awareness among Brazilians of security threats, even if they are still at an early stage when it comes to dealing with them effectively.
Certainly, their government has begun to take this more seriously. Brazil has long had its own national identity card, the ‘RG’ (Registro Geral), which is due to be replaced by a new high-tech ‘RIC’ (Registro de Identidade Civil) card. This will enable each Brazilian citizen to be registered under a single number valid nationwide, but the process is expected to take more than a decade.
Containing both a contact and a contactless module, this RIC card will store information such as a person’s fingerprints, allowing unambiguous identification of individuals. The security and authenticity of the data stored on the chip are guaranteed by Public Key Infrastructure (PKI).
Right now, in common with most of Latin America, fear of fraud is what inhibits many from using the Internet as a transactional channel. Despite the increasing popularity of online and mobile banking, password recycling is widespread, with half of users in Brazil reusing the same user name and password for different websites.
This problem can only grow with greater web use, increasing the need for multi-layered protection and strong authentication methods. Fortunately, Brazilians also appear to be equally aware of the advantages of using their mobile phone number as the most globally unique and easily verified form of identity.
One of the first implementations of m-banking services in Brazil required retail customers to identify themselves not by their account number, but through their mobile phone and social security numbers. This enabled customers to use their phone to access banking services through all channels (ATM, Internet and Phone banking), without needing to remember their account and branch number, plus their user name and password.
It looks as though the advantages of such a process have resonated with customers because, as we saw in a recent report, 46% of Brazilian respondents declared they were willing to share their mobile number for increased security of online accounts.
However, there still remains a disappointing lack of awareness over some aspects of mobile authentication. When consumers were asked “Do you know what two-factor authentication or two-step authentication is?”, 78% of respondents in Brazil replied that they did not understand the term.
Even when users know about such precautions, about 40% are not prepared to pay for them, and in fact the whole idea of authentication by passcodes sent to a user’s mobile phone has received a less than encouraging vote of support. Not only was this the 4th most commonly known security method, it was only used by 38% of respondents, and was the method they had the least trust in.
General industry opinion suggests that Internet companies, especially the larger social media companies, need to issue clearer instructions on how to implement two-factor authentication, and to explain the greater level of protection such a simple process affords.
If Brazil is to be ready for the challenges of major global sporting events like the 2014 World Cup and the 2016 Olympics, there clearly needs to be significant user education in the dangers of online security breaches, and how best to avoid them. As one head of security research put it, “Make ‘paranoid’ your default setting when you go online during this World Cup”.