Financial institutions are embracing biometrics … but with due caution
More than 25 banks are registered to attend an upcoming seminar discussing biometric technology and implementations in the European financial sector organized by the European Association for Biometrics.
The seminar, “Biometrics in Banking – A New Era of Enabling Service and Security”, will be held on October 24, 2014 from 10:30 a.m. to 5 p.m. at the Citibank branch at 25 Canada Square in London.
Practitioners and experts in the field will discuss some of the most relevant biometrics issues for financial institutions such as how biometrics can support in-branch and mobile authentication, and mega trends such as personalization, as well as how biometrics can be incorporated into existing processes and workflows.
Leading up to the event next week, Biometric Update talked to some of the speakers to get a sense of how biometric technologies are currently being used by financial institutions and what future opportunities and challenges they will present.
According to Richard Martin, who is Head of Proposition – Authentication at VISA Europe, biometric authorization has been around for a while but it’s been largely within user groups with a limited-size such as allowing employees to access a building, or in controlled situations like biometric passports used at border control.
“Payment services presents different challenges,” says Martin, who will be presenting “The Role of Biometrics in Payments” at Biometrics in Banking. VISA serves billions of transactions per year. Its ecosystem includes several million merchants, 500 million card holders, 3,000 financial institutions that issue cards, and millions of merchants that accept VISA around the world. “In terms our challenges, they are pretty enormous, which means when you want to introduce or support new types of technology like biometrics, there are some quite serious considerations and requirements that we have.”
He says that payment solutions of VISA’s scale need to be scalable to an enormous degree, extremely reliable, and keep user data secure.
VISA has recently worked with Apple to allow cardholders in the U.S. to use Apple’s new payment service, Apple Pay starting October 20. This means that iPhone 6 or 6 Plus users with Visa cards issued by several U.S. financial institutions will be able to initiate mobile purchases with Apple Pay.
Visa cardholders can make in-store purchases with their iPhone 6 or iPhone 6 Plus by holding the phone in front of a contact-less reader and placing their fingertip on the Touch ID to authorize the payment. More than 220,000 merchant locations in the U.S. already have these contact-less readers installed.
Similar Apple Pay functionality will come to Europe early next year, according to Martin. As for other implementations of biometrics, lots of people are working on standards and requirements for a lot of developments to happen in the next 12 months.
However, supporting just one technology – no matter how good it might be – isn’t a viable option in the payment industry because payment companies have to adapt to the various technologies people choose to use.
“The reality is that card issuers need to support whatever biometric technology the card holder happens to have in their possession,” says Martin.
If an individual has an iPhone or Android phone with a fingerprint scanner, the card issuer may want to use these biometric capabilities, but another phone with a good microphone might be used for voice biometrics or a good camera could be used for facial recognition.
Martin says the payment industry is “going to want to be able to support any valid method of authentication technology that a card holder happens to have, which creates challenges of its own.”
Some technologies are better than others and different implementations are better than others, but initiatives like the FIDO Alliance are providing financial institutions a framework through which to implement solutions and work with different devices.
Rather than rely solely on a single authentication factor, however, banks and financial institutions use biometrics to help paint a picture of the potential risk. Biometrics are combined with different data points such as if the mobile device has been used before, or if the transaction is typical of the user’s history.
Looking at another use of biometrics, Christiane Kaplan, product manager at e-signature technology provider Softpro, is presenting on the topic of how banking and financial services can transition from a paper-based workflow to a digital one that incorporates digital signatures.
She will also be discussing some of the risks of digital signatures from a software implementation perspective.“It’s important for the banks to figure out how the software works,” she says.
She says that it’s also important that companies consider the needs of their applications when considering the technologies they want to use.
The most typical application among financial and insurance institutions is the signature of documents and contracts. It reduces the amount of paper sent and received by institutions and makes it possible for individuals to sign documents nearly instantly, speeding up internal processes.
But it also has other advantages.
“You can also check if someone changes the contents of the document after the signature,” says Kaplan. “If you put your signature on paper, you have no control over it. You can make a copy, but then you have to prove that your copy has not changed.” These documents can be archived in a digitally signed PDF format that ensures documents are not tampered with.
Softpro has been implementing signature pads in the banking industry since 2008, and it is now helping mobile biometric signatures begin to be used by the financial institutions and insurance companies around the world.
Even with various different biometric options for document authentication, Kaplan is confident that signatures will remain a relevant way of verifying an individual’s consent as opposed to signing with a fingerprint or voice signature.
Those in favor of signature community, she says, argue that “you would never sign a paper document with your fingerprint, and you wouldn’t sign with your voice because you need something to present.”
She notes that it’s also a deep-seated cultural norm to sign documents. “For documents, for contracts, for banking, I see signatures more than fingerprint, voice or face recognition.”
Some of the specific problems of biometric signatures are the quality of data coming from the touchpad digitizer or stylus. If there isn’t sufficient data, then a document examiner or judge may deem the signature invalid in a dispute.
With the risks of fraud weighing heavily on those in the banking and financial industries, it’s clear that the introduction of new technologies should be accompanied with caution. However, new biometric solutions have the potential to provide more accurate authentication and streamline many aspects of financial services.
This is why it’s important for managers to learn from industry experts what technologies are available, and how they can be implemented in ways that minimize risk.