Huge growth in demand for digital banking has been accompanied by the ever-evolving – and increasingly sophisticated – threat of fraud and cybercrime. Gemalto UK’s Howard Berg looks at biometric solutions
For banks and other institutions involved in making payments, there is significant pressure to maintain and build consumer confidence by protecting them from harm.
But evidence is growing that consumers are growing weary of a seemingly endless cycle of clunky, demanding username-password authentication procedures. With new threats emerging almost daily, measures to protect end users from hacking and fraud have to be delivered without jeopardising the consumer experience.
Today’s banking customers demand a personalised experience, and a more secure and convenient banking journey. This means the ‘one size fits all’ approach, in which new security policies and innovations are applied equally without considering the unique requirements of each individual consumer, is no longer the best way forward.
With the rise of fintech startups and the imminent revised Payment Service Directive regulations set to increase competition in the sector, the customer experience is becoming an increasingly important differential, so a more nuanced approach is necessary. Banks need to ensure they are ahead of competitors in developing an engaging and easily navigable customer experience, and new biometric technologies offer a way of achieving this.
Using biometric data to authenticate identity is something many of us have become familiar with thanks to the prevalence of fingerprint readers in smartphones. Now we can look to many more types of biometric data – from iris or finger vein patterns, to unique characteristics in the way someone types on a keyboard or moves a mouse.
This data can be used to create a unique profile for every customer, which can also incorporate device-based indicators, such as IP address or geo-location. By applying machine learning and risk assessment techniques, it is then possible to provide consumers with a much more personalised security experience.
For example, a low-value transaction in keeping with normal behaviour patterns can be processed instantly. However, if a heightened risk is detected, such as an unusual location or unknown IP address, the transaction can be blocked, or additional authentication requested. Personal habits and regular movements can be learnt over time, so customers will have far fewer incidences of cards being temporarily blocked, or calls from the bank to check an individual transaction.
A solution like this offers benefits for consumers and banks alike. For financial institutions, it allows them to cut operating and administrative costs, as it instantly picks up unusual purchasing patterns without the need for human involvement and provides bank managers with detailed information on the nature of the potential fraud.
Furthermore, it enhances risk-management processes by establishing multiple layers of assessment, such as device, location and user behaviour. The customer, meanwhile, benefits from an effective security solution that does not compromise the seamless experience they expect from digital services. It also provides personalised authentication, altering the verification steps required based on the transaction and user profile.
Biometric technology can also be applied in cards themselves, to further help shift security away from the PIN and the password. The arrival of the biometric payment card will allow the holder to simply touch a fingerprint sensor embedded in the card when making a contact or contactless transaction. To confirm the customer’s identity, this image is compared with the one stored securely in the card’s chip. No data needs to be sent to a third party for authentication, eliminating the possibility of fingerprints being intercepted or any other tampering with the process.
The integration of biometric authentication within banking services will continue to improve with new technologies and contextual analysis techniques. Consumers will enjoy an even more seamless experience, but the industry must exercise extreme caution when working in this area. Biometric data is arguably the most personal and private data that anyone has. And unlike a password or PIN number, you are not able to change it.
If personal biometric data is compromised or lost, the impact on consumer confidence could be catastrophic. A recent study we commissioned showed that 44% of consumers would leave their bank in the event of a security breach, and 38% would switch to a competitor. That is why banks and other financial institutions interested in biometric technology must work with partners which have the security and technology expertise to ensure every link in the chain is protected. If they do not, their own customers will not accept it, and overall confidence in biometrics could be damaged – preventing the technology from meeting its full potential.
With fraud and cybercrime continuing to make headlines with depressing regularity, protecting customers from exposure to risk should be at the top of banks’ agendas, along with improving the customer experience.
But the margin for error is small. Consumers will not accept banks treating biometric data without the utmost care and protection, so banks must ensure their security strategies are robust and ready. If we can achieve that, greater peace of mind can be realised without compromising the speed and convenience on which the digital banking revolution has been built.