DEV Community

Cover image for Protecting your Fintech App Customers further with Panic Password
Olaniyi Philip Ojeyinka
Olaniyi Philip Ojeyinka

Posted on

Protecting your Fintech App Customers further with Panic Password

This article is inspired by my encounter with rogue members of the Nigerian Police Force(NPF) who go out daily to intentionally wrongly profile their victims as a criminal and after lot of post incidence deliberations (what i did wrong, what i could have done better and what to do if such incidence happen again), i realized how some of the finance apps i used could have been of great help to me also at that moment.

Nowadays, we move around with our bank on us through our various fintech apps on our mobile phones (This reminds of Burna Boy's line 'Cause I walk around with a bank on me from his Bank on it track).

Fintech apps gives us the easy and convenient solution to access all kinds of financial services but what happens when this treasure falls into the wrong hands? Whether it's rogue law enforcement, criminals, or anyone else trying to gain unauthorized access to your fintech apps, the consequences can be dire. Enter the "panic password" - a feature that could be a game-changer in protecting users' financial assets and personal information.

The Panic Password Feature

The core idea of a panic password is to provide users with a way to access a "safe" version of their account when under duress. Let's explore two potential implementations of this feature:

Option 1: Modified Regular Password

In this approach, users would add a specific phrase or word to their regular password to trigger the panic mode.

For example:

  • Regular password: "MySecurePass123"
  • Panic password: "MySecurePass123Panic"

Advantages:

  1. Easy to remember in stressful situations
  2. Doesn't require setting up an entirely new password

Disadvantages:

  1. Might be guessable if the attacker knows about this feature
  2. Could be accidentally triggered if the user mistypes their password

Option 2: Separate Panic Password

This option involves setting up an entirely different password for panic situations.

For example:

  • Regular password: "MySecurePass123"
  • Panic password: "SafeMode456"

Advantages:

  1. More secure, as it's not derived from the regular password
  2. Allows for more complex panic passwords

Disadvantages:

  1. Users need to remember an additional password
  2. Might be forgotten in high-stress situations

As always with most engineering design decisions, it depends on what you are ready to trade off.

Implementation Details

Let's look at how this feature could be implemented at a system level:

graph TD
    A[User enters password] --> B{Is it a panic password?}
    B -->|Yes| C[Load fake/limited account data]
    B -->|No| D[Load real account data]
    C --> E[Start tracking session activities]
    C --> F[Prepare to send alert if configured]
    D --> G[Normal app functionality]
Enter fullscreen mode Exit fullscreen mode

At a low level, I could think of three approaches to implementing the panic mode:

  1. Separate System Account Session: When a panic password is used, the system loads a pre-configured "safe" account with limited data and functionality(this maybe cheaper and easier option).

  2. Fake Data Generation: The system dynamically generates fake data and account balances on-the-fly when panic mode is triggered.

  3. User Provided Data: Users may be able to customize certain parameters of the panic mode, such as:

    • The balance to show in panic mode
    • Which actions should be allowed or blocked in panic mode
    • Whether to automatically alert authorities
    • Even Panic mode Transaction limits settings could be very useful

I think panic mode/session could be stretch further

To further protect users in dangerous situations, the panic mode could also:

  • Automatically report to relevant authorities
  • Send the user's current location coordinates
  • Capture images using the front-facing camera
  • Record audio of the surrounding environment

Conclusion

These features, of course, would need to be implemented with utmost care for privacy and user consent.

Like most security investments, implementing a panic password feature could be seen as expensive for fintech companies. However, the cost is undoubtedly less than the potential losses from unauthorized access to user accounts or the damage to a company's reputation from security breaches. When customer funds and assets are guaranteed with robust security measures like panic passwords, it not only protects users but also builds trust and loyalty.

Top comments (0)