Banking Security Gets Physical: Are Hardware Keys the Future Standard?

A business owner logs in from overseas to approve an urgent payment, relying on two-factor authentication for security. Yet with increasingly sophisticated tactics like phishing schemes, social engineering and AI-driven hacking, even familiar methods like SMS codes or authentication apps are no longer fully secure.

This vulnerability isnā€™t isolated; organisations across sectors, from finance to healthcare, are experiencing a surge in cyber threats, particularly targeting high-value accounts. PwCā€™s 2025 Global Digital Trust Insights survey reveals that the average data breach now costs $3.3million, with criminals skilled at exploiting gaps in authentication. This includes weak identity verification, outdated access control methods and other security limitations.

In response, Narvi Payments ā€“ a European electronic money institution offering online business accounts, banking services and IBAN accounts ā€“ now provides its customers with hardware wallets as part of its security approach.

Neil Ambikar, CFO of Narvi Payments

By providing a physical security key for account access, Narvi adds an extra layer of protection against remote hacking attempts. Narvi allows SMS and Authenticator apps as 2FA methods, too ā€” but hardware tools trump those in security.

Narviā€™s clients, who often operate across borders, can benefit from this added security for high-value transactions, especially as remote attacks on digital business accounts rise.

ā€œWith the amount of phishing attacks and the quality of hacking, [the threat level] just keeps going up,ā€ said Neil Ambikar, CFO of Narvi Payments. ā€œBusinesses can hold hundreds of thousands, even millions of euros in their accounts. The risk is very high, and a physical wallet brings that extra layer of security.ā€

How hardware wallets work

A hardware wallet is a physical device, often resembling a USB drive, that connects to a computer or mobile device to provide an extra layer of security for login and transaction approvals. Using advanced cryptographic techniques, hardware wallets generate public and private keys that secure each access attempt.

Unlike software-based two-factor authentication, which relies on codes sent via SMS or authenticator apps, a hardware wallet requires users to physically insert the device and confirm the access or transaction, potentially reducing the risk of remote attacks.

This physical connection means that even if a userā€™s computer or mobile device is compromised, access to their account may remain more secure, as the hardware wallet itself is required to authorise any transactions. This feature creates a physical barrier against unauthorised access, one that criminals cannot bypass remotely.

Neil describes this approach as a smart way to counteract rising threats: ā€œPasswords and SMS codes can be hacked, and itā€™s easy to fake user experiences on your device. But the hardware wallet adds a second layer of security thatā€™s hard to bypass; even if a hacker has control of your computer and phone, they still need the physical key.

ā€œThe good thing about the hardware wallet is that, at the end of the day, no one can force you to stick the key into your computer to approve a transaction.ā€

A standard for security

Narvi supports several well-known hardware wallets, including YubiKey and Ledger, which operate with FIDO2 and U2F protocols. Using these open security standards ensures compatibility with multiple devices, offering clients flexibility in their choice of security tools while maintaining robust protection against phishing attacks and other threats.

ā€œItā€™s a standard, so any device that meets the standard can work,ā€ Neil explains, highlighting how this creates a phishing-resistant barrier for account access. FIDO2 and U2F compliance enables Narviā€™s business clients to use hardware wallets interchangeably, ensuring reliable security without compromising convenience.

Narvi ā€˜leadsā€™ the way

Neil points out that Narvi is ā€œquite uniqueā€ in offering hardware wallet compatibility, as ā€œmost banks still use a traditional way of securing the account, which is SMS orā€¦codes on pieces of paper.ā€

While SMS and app-based codes offer some protection, he says, they are limited in an environment where threats are increasingly sophisticated.

Narvi is also one of the few regulated electronic money institutions in Europe building its own core banking technology.

ā€œA lot of banks arenā€™t capable of implementing this because of the legacy systems they have in place,ā€ Neil says. ā€œWeā€™re based in Finland, and we build all our technology in-house. Thatā€™s one of the unique things about us ā€“ we handle everything ourselves, from our banking solution to onboarding processes, APIs and all the features we offer our clients.

ā€œThis approach allows us to be agile, adopting the latest technology for both security and payments. Our client base is primarily business customers, so our goal is to create the best business banking experience for companies and corporate accounts. Clients can onboard digitally in about 10 to 15 minutes, and once approved, they gain access to our APIs, dashboard, business account, and other available features.ā€

Biometric security

Looking forward, Narvi is also planning to implement additional security options to complement hardware wallets.

ā€œWeā€™re also implementing biometrics to give users an additional secure, user-friendly way to confirm transactions,ā€ Neil reveals. By introducing fingerprint and facial recognition, Narvi aims to provide a security experience that combines both physical and biometric factors, further strengthening account protection.

The post Banking Security Gets Physical: Are Hardware Keys the Future Standard? appeared first on The Fintech Times.

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *