
Mastercard and Oxford University unveil framework for mobile biometric banking


Despite a strong consensus among consumers and banks that biometrics should replace passwords for access to financial accounts, knowledge gaps are slowing the transition, according to the report “Mobile Biometrics in Financial Services: A Five Factor Framework,” released Tuesday by researchers from Oxford University and Mastercard.

With 93 percent of consumers preferring biometrics to passwords, according to the researchers, and 92 percent of banks wanting to adopt biometric technology, adoption should be advancing rapidly. However, only 13 percent have deployed biometrics, and only 36 percent of the decision-makers involved say they have adequate experience to tackle the situation. This shortfall motivated Oxford and Mastercard to release a “Five Factor Framework” for mobile biometrics.

The five factors are performance, usability, interoperability, security, and privacy. The performance criterion is that the technology be frictionless, yet secured by a biometric with low algorithmic error rates and device ID as a second factor. The usability criteria include that the security and lack of friction be understandable to “technophobes.” The interoperability criteria refer to future-proofing across devices, use cases and biometric methods, including face, iris, and voice. According to the security criteria, mobile biometric systems must include defenses against specific threats, such as zero-effort attacks, in which the attacker attempts to use their own biometrics to claim the victim’s identity; presentation attacks, or spoofing; scalable malware attacks; and false enrollments. Privacy must be assured by means such as template protection, as outlined in ISO standards, or on-device keys, as in FIDO UAF and BOPS.

“There has been a lot of conflicting guidance about mobile biometrics coming from technology providers, industry influencers and the media,” Mastercard Executive Vice President for Identity Solutions Bob Reany told Biometric Update in an email. “We believe the potential of mobile biometrics in financial services is tremendous and will help us as an industry seamlessly blend optimal security with optimal customer experience, a critical win that has revolutionized other industries, like travel and media. That said, adoption is not without its challenges, and we need to proceed in a way that empowers banks to proceed confidently. That is why Mastercard and Oxford developed the Five Factor Framework, to cut through the noise and make sure banks focus on performance, usability, interoperability, security and privacy. Today, performance—or ensuring that the user experience is good with low false decline rates and high security—gets the most attention, but the research points to a need for equal focus. Solution providers can use this framework to help advise their customers on the technology, keeping in mind all the factors necessary for a successful deployment.”

Reputational damage is the primary concern among banks (75 percent) adopting biometric verification, followed by data leaks (72 percent). Opus Research notes that mobile banking apps and distributed biometric processing make end devices and client applications more attractive to attackers, and suggests that malware and rooting detection capabilities are essential to any such system. Mobile app development that includes “code obfuscation, runtime measures, white-box crypto, and attack-aware security” is also important, according to Opus’ whitepaper on the Five Factor Framework, “Guidelines for Deploying Mobile Biometrics in Financial Services.”

The research from Oxford and Mastercard also reveals significant differences in perception between financial industry professionals with different levels of experience with biometrics, and between the technical and business sides of companies. Almost all inexperienced individuals (96 percent) believe biometrics will make mobile banking and payments more secure, compared to only 61 percent of those with biometrics experience. Those on the business side are much less likely to view a second factor as necessary (35 percent versus 67 percent) and to view phone theft as a serious threat (37 percent versus 76 percent).

Reany notes that mobile banking apps with biometric verification are already out there. “However,” he says, “deployments across the world have conflicting experiences and designs. What we set out to do with Oxford is give decision-makers the confidence to start moving forward by equipping them with knowledge and a common set of guidelines to successfully bring mobile biometrics to life.”

Researchers found that consumer perceptions of fingerprint and facial biometrics improved over the course of completing a three-month trial with them. While most consumers had positive or very positive attitudes towards using their fingerprints at the beginning of the trial period, the number of consumers with neutral attitudes declined from roughly ten percent to roughly three percent. A significant number of consumers converted from neutral to positive attitudes toward facial biometrics during the trial as well, though in contrast with fingerprints, roughly five percent retained negative attitudes towards it.

Asked about the biometric security capabilities of mobile devices currently on the market, Reany says that a holistic, multi-layer approach is necessary to provide convenience and security for financial accounts.

“In terms of widespread adoption, we are at an exciting crossroad where strong consumer demand is aligned with industry desire to respond and the technology is there, so the challenge now is how to execute.”

Earlier this week South Korea’s Internet & Security Agency announced it is developing a biometric authentication system for mobile banking.

The Mobile Biometrics in Financial Services: A Five Factor Framework report is available through Oxford University (PDF).
