As part of their commitment to protecting NCII, NACSA enlisted Securemetric Berhad for their expertise in digital security solutions to help mitigate the risk of unauthorised access to critical systems. One of the key solutions identified was the implementation of a FIDO2 server, an advanced security measure that uses passwordless authentication through biometrics. It uses FIDO2 standards, that guarantees secure and verifiable transaction signing, safeguarding the integrity of essential services linked to NCII.

Securemetric provided its pre-integrated certified FIDO2 Server that comes with end-to-end solutions including user registration and management, user authentication and transaction signing.

User Authentication replaces weak passwords with robust hardware-based authentication using public key cryptography to defend against phishing, session hijacking, man-in-the-middle, and malware attacks, ensures that no secrets are shared between services and users. It also supports major browsers such as Chrome, IE, Firefox, and Safari, and integrates via WEB API and SAML 2.0 (SSO).

On the other hand, the Transaction Signing solution creates a unique signature for each transaction, preserving data integrity and ensuring authenticity. This approach renders any changes made to a transaction after it has been electronically signed, allowing government agencies and their users to verify the authenticity and integrity of high-risk transactions, and thereby reducing online transaction fraud.

The NCII sectors benefiting from the secure, passwordless authentication provided by the FIDO2 protocol, which includes biometric-enabled security, span across National Defence & Security, Banking & Finance, Information & Communications, Energy, Transportation, Water, Health Services, Government, Emergency Services and Food & Agriculture.