Biometrics: Are they becoming the nirvana of personal security?
This is a guest post by Steve Cook, an independent biometrics and fintech consultant at Biometrics for eCommerce.
By 2020, nearly all smart devices including mobile phones, tablets and wearables will have some form of biometric security enablement. By the same time, personal banking through mobile apps will also overtake online banking in the UK.
According to a recent report from Good Intelligence, by 2020 1.9 billion bank customers will adopt biometrics for a variety of financial services, including ATM cash withdrawals, proving identity for digital on-boarding, accessing digital bank services through IoT devices and mobile bank app authentication. Biometric authentication for banking purposes is going to generate $4.8 billion in revenue by 2023.
In the UK, over 22 million people managed their current account on their phone last year, according to a report by CACI. By 2023, they have predicted that around 35 million people or 72% of the UK adult population will bank in the future via a phone app.
The combination of mobile banking and biometric security in our smart devices will enable consumers to have more confidence regarding their personal security and will be far safer than it has ever been.
Digital identity and proving who you are has become important for all kinds of remote banking. Combining both physical and behavioural biometric technologies together will play a central role and a key component of the customer journey and user experience. Besides it also has the convenience over having to remember complex passwords or PINs.
However, even though we know that biometric technology is not perfect, it is certainly a better security method than traditional user names and passwords, which can be hacked or stolen because there have been a large number of high profile data breaches in the past few years.
Biometric data is unique, relying on binary encryption and algorithmic measurements which is very difficult to reconstruct into a human template. Biometrics has become a critical part of cyber security going forward because it’s nearly impossible to replicate. Blockchain technology is also providing additional security with biometric data.
However, spoofing is different. Someone who is trying to impersonate you with a photo or by mimicking your voice or behaviour is where liveness detection and advanced behavioural technology will make the difference in preventing fraud, phishing attacks and account takeovers. Social engineering and identity theft still remains the biggest forms of fraud and a real concern for most banks. Multi-factor biometrics, such as a combination of face, voice or fingerprint together, does help to protect accounts and authenticate high value transactions.
Behavioural biometrics is the fastest growing of all the biometric sciences and there are many new fintech and start-up companies offering different types of solutions. Sometimes known as passive biometrics, they usually involve the user to just carry on with what they are normally doing.
Behavioural biometrics provides an analytical tool to moderate risk. It actually monitors user behaviour during the duration of the visit and detects anomalous activity. There are some 2,000 parameters that behavioural biometrics depends on that gives a clear indication of someone’s unique identity. These range from monitoring human motion gestures and patterns to keystroke dynamics, and factors such as speed, flow, touch, sensitive pressure and even signature formats. It also uses machine learning and AI as a continuous form of authentication. This technology can detect bot attacks and synthetic account openings too. A number of prominent banks have already deployed behavioural biometrics as part of their remote customer on-boarding strategies.
Of course, smartphones are ideal for personal banking. With so much more functionality, mobile is rapidly becoming the digital channel of choice, increasingly replacing both online and more traditional branch banking for a great many customers.
Mobile banking is most popular among millennials, with almost 59% of 16 to 24-year-olds and 69% of 25 to 34-year-olds using smartphones. In contrast, almost half (49%) of 65-year-olds bank online, according to a recent study by banking trade body UK Finance. “The Way We Bank Now” report by UK Finance revealed that there were about 5.5 billion log-ins to banking apps last year, a 13% rise on the previous year.
The figures predicted that more consumers would use apps on their smartphones rather than a computer to do their banking by as early as next year.
Initially, apps only allowed people to check their balance and see recent transactions, but now they are used regularly for more complex tasks such as setting up standing orders, transferring money to friends, or other money management functions.
Technology is also changing the way bank statements are being produced. Some already provide forward-looking statements that give a clear indication of when regular or pending payments will come out of an account and affect the customer’s balance.
Regulators have aimed for more competition in the sector through the system of Open Banking, which allows customers access to specific new services through their old account. New regulations in the form of the revised EU Payment Services Directive (PSD2) and the General Protection Data Regulation (GDPR) are having a serious impact on banking services. Both regulations require tighter security measures over payments and personal data.
As part of PSD2, Strong Customer Authentication (SCA) will come into force later next year. This means banks and other commercial enterprises must be compliant with a minimum of Two-Factor Authentication regarding online and mobile payments, with certain low risk exemptions. However the large majority of payments will require a task to prove your identity, and in some cases it will require a step-up process too. Combining something you have in your possession such as your smart device or bank card and something you know such as knowledge based answers, with a biometric component such as a selfie or fingerprint.
Privacy has become an issue too. In GDPR, biometrics is now subject to explicit consent given by the user as it is considered that biometric templates cannot be regarded as non-sensitive data under the Article 29 guidelines. They may contain a more limited amount of personal information than the biometric data themselves and in a coded form, but that extract serves as a pre-processed format for matching and is capable of providing unique identification in an automated matching process. The special power of biometric data is their capacity to serve as a universal identifier allowing information about the same person to be linked across different information sources.
2018 has seen biometrics come of age. Many consumers are already using a biometric method to unlock their smartphones; features such as a fingerprint scanner in Android phones, or TouchID/FaceID in IOS phones, for example. Many UK banks have introduced face or voice recognition as an alternative to passwords for log-ins or transaction verification, and in some cases, it’s both. It also suits consumers who prefer a choice. With other biometric technologies such as iris, palm, vein, heartbeat and even DNA methods coming in the future, our human characteristics, whether they are physical or behavioural, are the unique ways to identify us.
Now that biometrics are being used in many verticals such as education, healthcare, aviation, automation, IoTs (Internet of Things) and financial services, consumers are already becoming familiar with the idea that biometrics is a fundamental part of the mobile banking landscape. Biometrics are now ubiquitous!
About the author
Steve Cook is a specialist independent biometrics and fintech consultant, helping banks and other ecommerce enterprises to navigate the complex world of biometrics.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.