IDC says banks should not stop using traditional passwords despite biometric identification
An IDC analyst says that despite implementing new biometric identification technologies to authorize financial payments, banks should not stop using traditional passwords to enable payments, according to a report by Computerworld UK.
The use of biometric identification technologies in financial applications is a “relatively young and experimental business,” said Andrei Charniauski, an analyst for IDC.
The most recent developments in biometric identification are the emergence of fingerprint scanners integrated into Apple and Samsung smartphones and Mastercard's testing of facial and voice recognition technologies last month to authorize retail payments.
With the recent launch of the new iPhone 6, Apple has essentially marketed Touch ID to be used as a replacement for PIN codes for payment cards via Apple Pay, said Charniauski.
To take it even further, Apple has provided third-party developers with access to the Touch ID application programming interface, enabling them to integrate their biometric identification method into iOS apps, said Charniauski.
Meanwhile, payment providers PayPal and Alipay have upgraded their apps to allow users to sign in and authorize payments with a simple swipe of their finger.
“These financial institutions are the first to bet that the security level offered by mass market fingerprint scanners is at least as good as that of a PIN code or a password,” said Charniauski. “If this is the case, they win by offering a significantly improved user experience to their customers at no extra cost. While improving authorization experience is attractive and will help adoption of mobile banking services, financial institutions should not just blindly commit to mass market biometric identification solutions, especially those provided by third parties via publicly-available APIs.”
According to Charniauski, it would take “several years” for the financial sector to fully assess safety levels, so until then, banks ought to provide two-factor authentication in mobile applications.
Banks should only use biometrics for the initial sign-in and for access to the information page that provides account overviews and transaction statements, said Charniauski.