Using biometrics to marry trust and convenience in the banking world
This is a guest post by Howard Berg, Senior Vice President Gemalto, MD of Gemalto UK Ltd
Last month, a new survey of UK consumers found a growing appetite for the use of biometric methods to access and authenticate online banking services. In particular, it found that consumers would prefer to use fingerprint recognition than the traditional methods of passwords or memorable questions, which have been undermined by ongoing data breaches and hacking scandals.
The news is unsurprising given the well-publicized difficulties consumers have in remembering ever more complex passwords for the range of online services they subscribe to, and the enthusiasm with which they have greeted the first mainstream applications of biometric technology. Ever since the iPhone 5S introduced its fingerprint reader back in 2013, consumers’ appetite for biometric security options has soared, with global shipments of smartphones with fingerprint sensors expected to reach over 1bn units by 2018. Crucially, the technology hasn’t just been used to unlock devices, but also to authorize mobile payments – whether in an online app store or a real physical retailer – meaning that many consumers now associate fingerprints with simple, fast, secure transactions.
The fact that consumers are evidently ready to adopt and embrace biometrics is great news for banks, who have been looking closely at implementing the technology (and in several cases have already started introducing it within smartphone apps). Crucially, the arrival of proven biometric authentication solutions promises to resolve one of the key challenges faced by long-established institutions and fintechs alike: how to marry trust and convenience in the age of 24/7 multi-channel banking. By eliminating the need to remember clunky, difficult to remember and increasingly vulnerable combinations of a username and static password, instant and effortless techniques – such as a fingerprint – open the door to a truly seamless customer experience. In turn, banks can use that improved experience to foster stronger relationships and promote new services. And it’s not just about fingerprints – new biometric technologies are also coming, such as allowing customers to authenticate themselves and sign mobile banking transactions with a selfie. With smartphones routinely equipped with cameras and the selfie ingrained in the public consciousness, facial recognition is ramping up fast. Other areas, such as voice recognition or iris scanning, will follow.
However, to achieve the benefits of usability, simplicity and security, biometric technology must be implemented correctly. Incorrect deployments can leave end-users highly vulnerable to biometric credential theft, as well as fraudulent replay attacks which can quickly erode consumer confidence. For example, having dedicated biometric devices issued in the field with updatable firmware opens up the risk of malicious firmware updates delivered over the web, or other types of tampering, without the knowledge of the bank or its customers. This risk exists irrespective of the biometric technology used.
So, despite the clear benefits of biometric authentication, as with anything in the digital banking world, a strong security policy is critical. It needs to use a multi layered security process, with a combination of different, strong authentication methods which can adapt to the level of risk and to the sensitivity of the specific transaction. In this context, risk-based authentication and behavioral biometrics are emerging as critical capabilities in helping banks achieve these goals. While behavioral and facial biometrics may be deemed as weak on their own, with each of them offering limited entropy to be considered secure enough for high value transactions, future security should be based on layered, multi-modal approaches. In this way, the combined data offered by face, behavioural, gait and other characteristics will lead to a much higher level of security. Through this layering approach, banks will be able to manage risks in a better manner behind the scenes and hence individual biometric methods should not be discounted – even though they may seem weak from an individual standpoint.
In the current age of the Millennial, the expectation on banking providers to deliver an outstanding digital banking and payment experience is growing relentlessly. At the same time, concerns over hacking and fraud are heightened with every headline-grabbing security breach. For banks and customers alike, biometrics provides the missing piece of the jigsaw in terms of convenience, based on the sheer simplicity of the touch of a fingerprint, swift voice command or the click of a camera. The next step is to develop multi-modal approaches to security which can withstand fraudulent activity and build a strong level of trust among consumers.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.