Biometrics — using physical features as security — are already here and the password is on its way out. Gone are the days when you have to type a password into your phone to unlock it with many now using fingerprints.
But now we’re going deeper into the biotmetric world.
Smartphone developers — led by giants Samsung and Apple — are exploring other ways of improving the identification process such as iris scanners.
Biometrics uses technology to prove or verify a claim of true identity. And it is increasingly becoming more important in the world of banking — in which security is paramount and change only happens when safety is guaranteed.
Research by Mapa found that after Apple incorporated fingerprint-recognition technology back in 2013, the technology took off.
Nowadays, several banks are offering so-called TouchID as an option for customers to access their bank accounts on iPhones, from Lloyds to Rabobank.
This is only set to increase as other financial institutions catch on to the idea that biometrics can make banking a more secure process.
Verdict spoke to Bill Spence, HID Global’s vice president of biometric sales, which builds biometric authentication products for ATMs and banks, about the importance of using this technology, the challenges facing the banking sector, and why it is so successful in Brazil.
Verdict: Why do biometrics and banking work so well together?
Bill Spence: One of the biggest challenges facing banks today is how to provide secure and trusted services while substantially improving customer experience.
Fraud is an ever-present and increasing threat in an environment where bank customers are demanding a seamless and consistently satisfying experience across all service channels.
The way to achieve this is a holistic multi-channel identity and access management (IAM) platform that correctly recognises customers across all channels and uses biometrics to offer both a better user experience and a higher level of mutual trust.
Biometrics is an essential component of this identity solution because it enables customers to conveniently and reliably prove that they are who they say they are — from account creation to any transaction.
V: What ways are financial institutions and banks implementing biometrics?
BS: Biometrics are being used to simplify IAM across all banking channels, improve user experience as well as the level of trust, and reduce total cost of ownership.
V: Biometric ATMs are becoming more popular in places such as Brazil, why is this?
BS: Biometrics offers significant value to these financial institutions and their customers.
One common approach in countries like Brazil is to use the fingerprint in place of the PIN for the ubiquitous card-plus-PIN transaction.
Fingerprint authentication is generally easier for the customer than remembering a PIN and it also brings a higher level of certainty about who is transacting. Lumidigm has more than 81m bank customers in Brazil.
Placing a finger on a sensor takes less time than keying in a PIN. When multiple transactions are desired in a single session, this time benefit is multiplied to provide a quick and easy way for a bank customer to authenticate each transaction.
In this way, the bank can enforce per-transaction authentication for greater security without compromising the user experience.
As well, biometric information can be incorporated directly into a smart device.
As banks migrate to chip-based EMV cards for higher security, there is the opportunity for incorporating a user’s biometric template on the card. This is currently being done in some large-scale national identity programs.
V: BBC Click recently showed that it can hack HSBC’s voice authentication system: how can banks prepare against this when implementing biometrics?
BS: There are things they can do. Sensor reliability is essential. It is critical that sensor technology be capable of working reliably under the broadest range of real world conditions.
In the case of Lumidigm fingerprint technology this is possible because the sensors feature multispectral imaging to ensure unique fingerprint characteristics can be extracted from both the surface and subsurface of the skin.
Also important is field-updatable liveness detection capabilities to ensure proof of presence by preventing the use of fake fingerprints or spoof attacks.
V: What needs to be done to ensure that banks are doing this properly?
BS: Some best practices include things such as optimised data security and tamper protection and trusted connections. This means making sure the data is secure.
Properly architected system designs will always consider and protect against both internal and external threats and attacks.
Beyond the encryption of the data itself, there are now many good alternatives available for building highly secure and well protected systems, including the use of multi-factor and even multi-modal authentication to maintain security even if some identifying data is compromised.
As well, in terms of privacy protection, systems must be designed to provide for end-user privacy. The ability to store biometric data on a personal device eliminates the need for a local database or network connection and is one way to ensure privacy.
Encryption and tamper resistant devices prevent the interception of private biometric, biographic, and transactional data.
Whilst biometric characteristics are not themselves inherently private, well-designed biometric solutions prevent fraudulent access and allow individuals to control their true identity.
Bill Spence is speaking at the ATMIA ATM & Cash Innovation conference in London, 13-14 June