Biometric Research Note: Biometrics projected to cut bank operational risks by 20 percent
The Biometrics Research Group projects that the implementation of new biometric technologies in the banking industry has the potential to cut a financial institution’s operational risks by at least 20 percent over the next 10 years as the technology becomes more widely adopted, especially in advanced Western countries.
With the advent of electronic banking, financial institutions are able to reach customers around the globe and conduct transnational business. However, in the process, financial institutions have experienced growth in exponential risk to their systems and processes.
Operational risks that financial institutions face are increasing due to the elimination of face-to-face service with the advent of electronic banking. Banks must verify the legitimacy of customer identifications, transactions, access and communications, which demands an incredible amount of vigilance.
Implementing a biometric-enabled authentication system can be a very efficient method of protecting the technological assets of an enterprise against the attacks of internal and external intruders.
In terms of banking customers, a biometric identifier can measure an individual’s unique physical characteristic or behavior and compare it to a stored digital template to authenticate that individual. A biometric identifier representing “something the user is” can be created from sources such as a customer’s voice, fingerprints, hand or face geometry, the iris or retina in an eye, or the way a customer signs a document or enters keyboard strokes.
The success of a biometric identifier rests on the ability of the digitally stored characteristic to relate typically to only one individual in a defined population. Although not yet in widespread use by financial institutions for authenticating existing customers, especially in North America, biometric identifiers are being used in some cases for physical access control.
Financial institutions can use biometric identifiers for a single or multi-factor authentication process. Automated Teller Machines (ATMs) that implement iris-scan technologies are an example of the use of a biometric identifier to authenticate consumers. The biometric identifier may replace the personal identification number (PIN). A customer can also be asked to supply a PIN or password to supplement a biometric identifier, making it part of a more secure two-factor authentication process.
Financial institutions may also use biometric identifiers for automating existing processes, thereby reducing costs. For example, a financial institution may allow a customer to reset a password over the telephone with voice-recognition software that authenticates the customer.
An authentication process that relies on a single biometric identifier may not work for everyone in a financial institution’s customer base. Introducing a biometric method of authentication requires physical contact with each customer to initially capture the physical identifier. This process increases deployment costs. Unlike a password or PIN system, in which a financial institution needs to communicate with a customer only once for account initiation, use of biometric identifiers for authentication may require customers to submit several samples, sometimes over time. Some customers may not be able to produce a given biometric identifier, because of particular physical attributes or disabilities.
Even when the customer is able to produce a biometric identifier, there may be times when the biometric identifier cannot authenticate the customer. For example, if a customer has a severe cold, or laryngitis, voice recognition identifiers may mistakenly restrict the customer’s access.
Financial institutions can eliminate this problem by allowing for more variation in the biometric sample input compared to the database, but this will reduce overall security and potentially increase the number of individuals that the system may falsely authenticate.
Financial institutions should consider privacy concerns when using biometric identifiers. For example, some customers may associate fingerprint-based biometric identifiers with law enforcement.
When utilizing biometric identifiers, financial institutions need to consider the following: designing systems that encrypt biometric identifiers during storage or transmission; designing and implementing a secure process for capturing biometric identifiers; and limiting the number of failed “log-ins” a customer can attempt.
While implementing a biometrics system, banks must also be aware that as the required level of accuracy of authentication increases, so does the cost. However, as noted previously in BiometricUpdate.com, a driving “push” factor for adoption is that biometric technology shortens transaction time. Industry statistics have revealed that on a daily basis within an average payments operations department, approximately one to two percent of all payments are subject to some form of inquiry or investigation. While many institutions are achieving impressive straight-through processing (STP) rates in the area of payments processing, it is clear that the cost of handling each inquiry produces a multiplier effect on the total cost of a payment.
The banking industry is starting to understand the impact of exceptions and investigations on their operations, more so now than in the past, as most banks have to track the cost of errant transactions as part of their Basel II reporting requirements. At the same time, excellence in customer service is fast becoming a key differentiator.
The use of newer security measures such as biometrics can speed transaction processing, bolster customer service, and improve a bank’s value-added services and the levels to which they satisfy the growing legal requirements for data transparency and real-time information. Quick and efficient resolution of problems is an influencing factor in attaining and retaining customers.
This translates directly to the requirement for efficient processing of transactions. Biometrics adds to such efficiency, along with providing levels of security unlike other measures used. Using biometrics can reduce Internet fraud, money laundering, and identity theft; and will increase the efficiency of transactions, while concurrently reducing operational risks.
Biometrics Research Group provides forward-looking and systematic data about the global biometric market, allowing industry stakeholders to calculate political, economic and investment risk.
access control | ATMs | banking | biometric authentication | biometric database | biometrics | financial services | fraud prevention | identity theft | multi-factor authentication | PIN | secure identification | security