Banking on biometrics

May 7, 2015 - 

This is a guest post by Steve Cook, Director of Business Development at Facebanx.

The world of banking is changing forever! Yes, right before your eyes (excuse the pun) the way we will all be banking in the future is radically going to alter as well as disrupt our lives. OUT: goes the traditional password. IN: comes biometric authentication.

Biometric banking will be here to stay and whether we like it or not, we had better get used to it, because the rush to implement biometric technology by the financial institutions to replace passwords, authenticate transactions and essentially verify who we are, is upon us. So will it be safe? Will it stop hackers and fraudsters? Will it gain consumer trust? How will each country’s regulations view this new technology? And more importantly, will we feel protected under our data protection laws and our privacy rights? All these questions will need to be addressed as we all move into a new, almost sci-fi world. Yes, the Minority Report movie got it right!

There are many different statistical reports on just how large the biometrics market will grow – ranging from $14.5 billion to $21 billion inside the next five years. Some recent estimates say the global market will be worth over $67 billion by 2025. One thing is certain, the rise of biometric banking is gaining momentum.

When Apple started selling its iPhone 5S in September 2013 with a Touch ID fingerprint reading sensor, all of us entered the biometric age a bit. Samsung also launched its own version of the tech in the Galaxy S5 in a deal with PayPal. Since then, we have seen Apple Pay launched in September 2014 together with the iPhone 6 and just recently Samsung Pay launched with their range of mobile platforms – both using fingerprint as a device touch ID log-in.

But of course, that’s not all that is happening.

Now many global banks and card companies are jumping on the band wagon! In the U.K., recent announcements from RBS and Nat West will allow customers to log in with their Touch ID to do their banking. Barclays announced they are investigating vein authentication for business customers. New online digital banks are also getting in on the act. A new digital wallet from ATOM bank will launch using biometrics. In the U.S., the USAA bank is using both face and voice recognition log-in. In China, E-commerce giant Alibaba Group and affiliated online payment service Alipay are aiming to use facial recognition technology to take the place of passwords.

Mastercard, Visa, American Express and a number of other card companies are also going to introduce biometrics. In fact, I could now list dozens and dozens of organisations that will be moving forward with biometric technology in some form or other later this year. The mobile wallet is going to be the battleground as both banks and the tech giants fight for your purse. Will the day happen when you leave your cash, wallet and cards at home and pay for everything with your mobile device. It may come sooner than you think.

But is it safe? The hype surrounding the rush to bring biometrics to the masses is lost in whether all this new technology is going to work efficiently and the question of will consumers be put off because using biometric technology is not 100% reliable! Of course, nothing is! The fingerprint has already been spoofed by various hacking groups. So the financial services industry had better prepare themselves for a great deal of cynicism and potential backlash. That is why it is important to get things into prospective and set expectations because while many consumers may enjoy a quick easy way to access their bank accounts, there will be occasions where the technology will not be as perfect as everyone is expecting. That is why it is also important for banks to rely on more than just one form of biometric identifier as well as other forms of authentication. Multi-factor biometric authentication is going to be key. Whether it is fingerprint, iris image, vein, face, voice or other forms of biometrics, using two or more of these human characteristics is going to be essential for consumer trust. There are also huge benefits for banks to promote biometrics as being a safe alternative to passwords. Identity theft and data breaches have become a major issue for banks. They don’t like to shout about it, but it is the biggest form of fraud that all banks suffer from. If customers had their unique biometrics attached to their bank accounts, it would be very difficult for fraudsters to circumvent. In fact, fraudsters will likely look for easier targets. So banks have a unique selling opportunity to promote biometrics as one of the best ways in protecting your bank accounts from identity theft. Some say that’s a no brainer!

So how will this all play out? Currently fingerprint is leading the market as the main biometric authentication technology. However iris, face and voice or a combination of these four biometrics are all gaining traction too. How do they rate in terms of reliability? Well, that often depends on the platform, i.e. what device you are using and also the environmental circumstances. For example, background noise can affect voice recognition. Poor lighting can affect face recognition. People with diabetes can affect iris recognition as the iris fluctuates. Fingerprint and palm touch can be sensitive from overactive sweat glands. So really, no single biometric should be truly relied upon. Having said that, biometric technology does have a very high standard of reliability if the conditions are right. For consumer safety, at least two identifiers are needed to prove who a person really is. There is also the potential for proving liveness. Each person has to show that it is genuinely them in real-time and verification has to be performed within seconds. Yes, waiting around for half a minute or constantly pressing your finger or repeating a selfie just won’t do! Over 95% reliability is required but then it also has to feel like its frictionless otherwise passwords or pin numbers will remain and that in essence is what we are trying to replace.

The choice of biometric architecture that banks should adopt, i.e. device centric, where the biometric data never leaves the device, or server-centric, where the user enrols their biometric and then the data is stored by the financial institution is still a hot topic. For verification; the matching is performed on the device for the device centric model and against a stored template within a network database (Cloud) for the server centric model. There is room for both models but essentially in order to stop potential fraud in its tracks, then biometric data will need to be compared with a database. Also, having a server centric database allows for cross platform access such as a smartphone, tablet or PC which is what consumers will demand with their banking apps.

So how will it affect our privacy rights? Well, this is going to be the most trickiest of areas to deal with, particularly with how biometrics are going to be represented legally in each country. Many Governments are presently reviewing how this data is going to be used, stored and whether there are political issues. No Government will back it if it’s a vote loser! All of us understand that it will help national security and potentially protect us from terrorists but how will the commercial world use this data? Each company must spell out within its own Terms and Conditions how they will use biometric technology, so that every customer fully understands what they are signing up to – whether biometrics are going to be deployed in the enrolment or on-boarding process, logging in and replacing passwords or verifying transactions. This must form part of consumer safety and trust if we are going to get anywhere. However some experts are warning that our privacy rights in this area are really going to be non-existent. But there will need to be a balance between this new era of biometrics and trust. The good news is that where biometric data is stored, generally it is difficult to hack. Customers must feel comfortable that biometrics are not used in a harmful way. So the momentum is there, the younger generation are ready to embrace it, let’s make sure it works properly and we can all benefit from a better user experience. Goodbye passwords!

Biometrics are the new hi-tech weapons of war against online fraud and supporting ecommerce businesses with their KYC (Know Your Customer) methods. There are many different applications where biometrics are being used. For example; replacing passwords, protecting against ID theft and multiple accounts, screening new and returning customers, verifying transactions as well as access control and border entry points. In the ecommerce world, biometrics will find their way into online and mobile banking, payment processing, insurance, telcos, retail, recruitment, health, travel, dating and gaming. Just about everywhere where you might use your wallet or purse.

DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.

Leave a Comment

comments

About Steve Cook

Steve is Director of Sales EMEA for Daon and has been working in the biometrics industry for over three years. He has a long track record in the online and mobile video gaming and gambling markets with over 20 years’ experience. As General Manager at Sega Europe for 8 years he developed a unique understanding of the industry and was one of the first people involved when gaming moved online. In 2001, Steve developed his own business consultancy company providing European strategic sales, business development and marketing services to fintech start-ups. Today, Steve is firmly established in the biometrics industry having previously worked for Facebanx.