The Concept
Biometrics exploded onto the consumer financial market in a big way with payment tech – in 2014 Apple Pay and fingerprint sensor authenticated PayPal transactions saw to that – but when it comes to everyday users scanning their body and handling money, buying things is only, at best, half of the story. Biometric banking, while necessarily a little slower to gain momentum thanks to its greater risk profile, has picked up steam and now customers the world over can use multiple modalities to replace their old fashioned PINs, passwords and security questions.
The concept is the same as it always is with consumer-facing biometrics: striking a proper balance between convenience and security. When it comes to at-home banking, whether it’s over the phone or via an institution’s online portal, that means replacing passwords and security questions with the strong biometric authentication best suited for the specific situation. Meanwhile, when it comes to ATM transactions, it’s about replacing the PIN code normally used for identity verification.
In those first two spaces – over the phone and specifically mobile online banking – convenience is in high demand. Entering passwords on a mobile phone, with different cases of letters and symbols, is a tedious chore, since we insist on employing virtual QWERTY keyboards on devices best operated by thumbs. A biometric, in addition to bringing security and integrity to the transaction, is often dependent on a single action, like a fingerprint scan or a selfie, rather than the input of 8-16 characters.
When banking on the phone, a common security question is to list the most recent purchases made with a given transaction card. Considering how frequently shoppers choose plastic over cash, this practice can feel like taking an exam when all you want to do is make an inquiry or authorize out-of-country use of a credit card. Biometrics circumvent this obstacle while providing greater assurance that the person calling is in fact who they say they are.
The Modalities
When it comes to the phone banking scenario described above the choice of modality is obvious. Voiceprint authentication, when employed in a call center scenario for banking purposes, can positively authenticate a caller by the sound of her voice. Whether it’s phrase based, active authentication or passive natural speech authentication, voice biometrics keep the identity assurance high while allowing the call to proceed as it should, unmolested by security questions.
In the mobile space, modalities are a lot less niche. Fingerprints are some of the most publicly visible implementations of biometric access control in banking, thanks in most part to the implementation of Touch ID security by a growing number of institutions. Now, with biometric sensors becoming standard tech on mobile devices, fingerprint login is also growing in popularity. But, as usual, fingerprints are only part of the big biometric picture.
Because of online banking’s ubiquity, having fingerprint alternatives for authentication is highly beneficial. Biometric software can leverage truly standard hardware, like a phone’s microphone and camera, to bring face, voice and eyeprint recognition to mobile banking. The benefits of these technologies in this scenariois that they are easy to deploy – new and old phones alike can take advantage of all of those listed modalities.
Take, for instance, The System Works Group, a financial institution in Australia that offers Eyeprint ID login to its customers. Users wanting to use the biometric login feature don’t need to buy a ZTE Axon phone, which has EyeVerify tech built in, but can just download the proper app. Where a Touch ID login requires a user to buy a specific brand of high-end phone, The System Works Group lets customers use what they already have.
Biometric Banking in the Wild
One of the most successful deployments of biometric technology for mobile banking is that in use by USAA. Using biometric technology from Daon, the mobile banking app allows users to authenticate via face, voice, fingerprint or multi-factor depending on their needs. It was deployed a year ago and recently hit the one-million user mark.
We can learn a lot from the USAA app, which owes a lot of its success to the convenience of choice. Its three featured modalities vary in popularity, according to analysis first reported in May of this year. Facial recognition and fingerprint are proving to be more popular among users, a good portion of whom are seniors, according to the data discussed in an American Banker article. Seemingly, it would appear that when it comes to mobile sign on, speaking out loud is too intrusive to beat out the other two silent modalities.
It is in that observation that we see the meticulous nature of finding the right modality for the right deployment, and why banking is benefited by a diverse range of options. In the USAA deployment, voice is especially useful for adding a layer of security onto the facial recognition modality, while, face alone will meet the needs of someone looking for quiet, contactless authentication.
During the biometrics panel FindBiometrics hosted at this year’s Money20/20, Connor White, President – Americas, Daon, summarized the multimodal nature when discussing system integrity:
“There are many different attributes. Biometrics is not about fingerprint, or face or voice or iris or… you know, earlobe. It’s about all of that. And you can bring all of that together. Today, on your phone, you have GPS location you have secure keys, crypto, you have – every smartphone I know of – you have face and voice, and you have fingerprint on most of the next generation phones. In Japan you have iris. So there’s a lot more we can do around a human being.”
So, when it comes to biometrics in banking, we are talking about a lot of different topics, but in the end it all comes down to one thing for the consumer: is my security convenient enough for me to go through it. Finally, thanks to innovations in mobility and biometrics, the answer is quite often a resounding “Yes.”
*
Stay posted to FindBiometrics throughout November as we continue to bring you a featured examination of biometrics in finance. Follow us on Twitter and tweet using the hashtag #FBFinTech during Financial Biometrics Month to be a part of the conversation.
—
November 12, 2015 – by Peter B. Counter
Follow Us