Banking on Biometrics!

Industry Transformations3 minutes readApr 22nd, 2014

Picture this: You are at an ATM, where you are required to enter your four-digit PIN number and scan your palm to withdraw cash. You are at a bank, where an iris scan determines proof of identity before processing your $20,000 wire transfer. You are prompted for a voice scan to complete the billing process while shopping for your favorite designer clothes online.

All these examples lead us to one conclusion – biometric modalities (“something you are” e.g., voice recognition, fingerprints/palmprints, iris, facial recognition) offer unique and more secure ways to authenticate user identity and shield ourselves against cybercrime. Needless to say, passwords will be superseded as biometrics goes mainstream.

Employing Factor 3: Biometrics in Multi-Factor Authentication (MFA)

A recent study on Identity Fraud by Javelin Strategy & Research shows:

  • In 2013, 13.1 million consumers in the US suffered identity fraud – the second highest level on record
  • A new identity fraud victim was hit every two seconds in America in 2013
  • One in three data breach victims in 2013 later experienced fraud, up from one in four in 2012

Since protection against identity theft remains the biggest challenge, the use of MFA has become critical. Security experts for long have pressed the need for authenticating transactions using three factors – Something you know (password, PIN); something you have (credential or token); and something you are (facial recognition, voice). Mobile devices enable a potential fourth factor “something you do” (like never use a laptop) along with contextual “where you are” (such as GPS location, date/time, IP addresses).

So, where exactly does biometrics fit in the MFA jigsaw? And does it offer special benefits to consumers and organizations who are in the business of financial services? While biometric verification is commonplace in immigration control and forensic investigations, banks and other financial organizations are increasingly employing biometrics to:

  • Improve security: The technology provides an additional layer of security and unequivocally links an individual to a transaction or event
  • Reduce fraud: By being hard-to-forge, biometrics offer extreme protection against identity theft with a high level of authentication
  • Eliminate password administration cost: Replaces hard-to-remember passwords which may be shared or observed
  • Improve privacy and regulatory compliance: By demonstrating layered security rather than single factor security, biometrics offer greater reliability and improved compliance to regulations

An Ideal Framework

As financial transactions get more personalized and safer with biometrics, banks can start looking at a scalable identity and biometrics framework that integrates fingerprint, face, iris and signature for identification, verification, and watch lists. The system works by combining the biometric, biographic and account data and matching it to arrive at one unique identity. For instance, the system establishes a level of trust for a user and transaction requested from a smartphone based on contextual information such as GPS, type of transaction, date/time, and historical trend. A risk score is then calculated for the transaction and the user by interfacing with an existing risk management system. If the confidence level is adequate for the risk level then the request is approved, else the system asks for biometrics such as face or voice or both.

With biometrics set to become a norm in authenticating transactions, it’s time banks adopt a holistic approach to security and move beyond traditional measures like PINs and passwords.

Tags-   Biometrics Javelin Strategy & Research Multi Factor Authentication