Federal Reserve Bank of Atlanta paper analyzes biometric authentication methods
In April, the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta released a working paper that analyzed the pros and cons of various authentication methods in financial transactions, including biometric technologies, according to a report by Fierce Finance IT.
Authored by Federal Reserve Bank of Atlanta payments expert David Lott, the paper looks at several different authentication methods that effectively and easily authenticate customers engaging in financial transactions.
In the end, Lott found that passwords and additional authentication factors should continue to be used in most financial transactions, as long as consumers regularly change their passwords at least once, if not a few times a year.
In addition, he encourages consumers to use more than one password for different sites.
The paper also addresses how financial institutions are increasingly using security questions, such as a mother’s maiden name, as a form of authentication method.
Additionally, there appears to be a growing shift in using preferences-based questions rather than personal data-based questions, such as favorite ‘80s movie.
The majority of the paper is devoted to biometric authentication methods.
The report finds that fingerprint scans have grown in popularity in the U.S. as a result of being embedded in smartphones and laptops.
Fingerprint or palm print readers are heavily used in Brazil with one-third of the ATMs featuring this technology, while more than 85 percent of ATMs in Japan use vein recognition as an authentication method, according to the paper.
Meanwhile, the paper finds that newer, emerging payment technologies face issues, with many of them still unresolved.
The paper highlights the results of a 2013 Federal Reserve study which found that fraud occurs three times higher in those transactions where a card was not present, compared to transactions where a card was presented.
To combat these issues, financial institutions are typically liable for fraud in transactions where cards are present, while merchants are usually liable for fraud in transactions where cards are not presented.
One grey area is how to approach transactions where card data is uploaded to an “electronic wallet” on a mobile phone or tablet.
A physical card is not used in this case, but the electronic wallet offers other authentication methods that are unavailable on typical card-not-present transaction.
Financial institutions and merchants have yet to agree on consistent rules that determine whether this is a card present or card-not-present situation.