Picture this: You are at an ATM, where you are required to enter your four-digit PIN and scan your palm to withdraw cash. You are at a bank, where an iris scan determines proof of identity before processing your $20,000 wire transfer. You are prompted for a voice scan to complete the billing process while shopping for your favorite designer clothes online.
All these examples lead us to one conclusion – biometric modalities (“something you are” e.g., voice recognition, fingerprints/palmprints, iris, facial recognition) offer unique and more secure ways to authenticate user identity and shield ourselves against cybercrime. Needless to say, passwords will be superseded as biometrics goes mainstream.
Employing Factor 3: Biometrics in Multi-Factor Authentication (MFA)
A recent study on Identity Fraud by Javelin Strategy & Research shows:
Since protection against identity theft remains the biggest challenge, the use of MFA has become critical. Security experts have long pressed the need for authenticating transactions using three factors: something you know (password, PIN); something you have (credential or token); and something you are (facial recognition, voice). Mobile devices enable a potential fourth factor, “something you do” (like never using a laptop), along with contextual “where you are” (such as GPS location, date/time, IP addresses).
So, where exactly does biometrics fit in the MFA jigsaw? And does it offer special benefits to consumers and organizations who are in the business of financial services? While biometric verification is commonplace in immigration control and forensic investigations, banks and other financial organizations are increasingly employing biometrics to:
An Ideal Framework
As financial transactions get more personalized and safer with biometrics, banks can start looking at a scalable identity and biometrics framework that integrates fingerprint, face, iris and signature for identification, verification, and watch lists. The system works by combining the biometric, biographic and account data and matching it to arrive at one unique identity. For instance, the system establishes a level of trust for a user and a transaction requested from a smartphone based on contextual information such as GPS, type of transaction, date/time, and historical trend. A risk score is then calculated for the transaction and the user by interfacing with an existing risk management system. If the confidence level is adequate for the risk level, the request is approved; otherwise, the system asks for biometrics such as face or voice or both.
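The decision flow described above, written out in Python as an added example (not code from the article or from any vendor's product). The point values, thresholds, field names and the `risk` function standing in for the existing risk management system are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

# Constructed point values on a 0-100 scale; a real deployment would tune these.
TXN_RISK = {"balance_inquiry": 10, "bill_payment": 40, "wire_transfer": 80}

@dataclass
class Request:
    txn_type: str
    amount: float
    hour: int      # local hour of day, 0-23
    gps: tuple     # (lat, lon) reported by the smartphone

@dataclass
class History:
    usual_gps: tuple     # centre of the user's usual locations
    usual_hours: range   # hours in which the user normally transacts
    max_amount: float    # largest amount previously seen for this user

def km_between(a, b):
    """Great-circle (haversine) distance in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 6371 * 2 * asin(sqrt(h))

def confidence(req, hist):
    """Trust in the user derived from context alone (GPS, time, history)."""
    score = 50 if km_between(req.gps, hist.usual_gps) < 50 else 0
    score += 20 if req.hour in hist.usual_hours else 0
    score += 30 if req.amount <= hist.max_amount else 0
    return score

def risk(req, hist):
    """Transaction risk; placeholder for a call to the risk management system."""
    base = TXN_RISK.get(req.txn_type, 100)  # unknown transaction types fail closed
    return min(100, base + (20 if req.amount > hist.max_amount else 0))

def decide(req, hist):
    """Approve when confidence covers risk; otherwise step up to biometrics."""
    gap = risk(req, hist) - confidence(req, hist)
    if gap <= 0:
        return "approve"
    return "face_or_voice" if gap <= 40 else "face_and_voice"
```

Treating an unrecognised transaction type as maximum risk means a new or mistyped type triggers a biometric prompt instead of being silently approved.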
With biometrics set to become a norm in authenticating transactions, it’s time banks adopt a holistic approach to security and move beyond traditional measures like PINs and passwords.