How Long Before Banks Bank on Biometric for Payments

Though biometrics have been used as a means of authentication from personal computers for a while now, the payments industry had been slow to embrace it.

Biometric payments are the answer to consumers’ growing frustration with passwords, PINs and mobile payment security. Though biometrics have been used as a means of authentication from personal computers for a while now, the payments industry had been slow to embrace it. Until now. As mobile payments are steadily picking up pace, the value of biometric security is being realized by the financial services industry. The current landscape The Apple iPhone 6 series comes with a fingerprint scanner, which is possibly the most recognized biometric security feature in use presently. Companies such as SmartMetric, Biyo Wallet and Daon are using biometric authentication for cards. The biometric fingerprint identification on Apple Pay offers greater security than magnetic stripe card payment as well as chip-and-signature transactions. It is not a surprise then that many companies are using Apple’s built-in fingerprint sensor Touch ID as an inspiration to facilitate payment authentication. An option to fingerprint scanning is a camera and voice recorder, which have given rise to biometric face and voice recognition solutions. Facial and voice recognition Facial recognition technology uses a PC’s or smartphone’s camera to scan customer’s face, and requests the customer to blink in order to verify that he/she is a live person and not a photo. The PC or phone captures a photo to complete authentication. As far as voice recognition is concerned, the customer’s voiceprint is stored by the institution in question. When payment is initiated, the customer is asked to read a randomly-generated phrase to authenticate his/her speech pattern by comparing it against the stored pattern. Some biometric security solutions store customers’ fingerprint, photo or voice recording. In other solutions, the algorithm based on data from customers’ biometric data generates a unique code, which is then stored. During every new action for authentication, the device uses the same algorithm to generate a new code against the stored one to decide if they are similar enough to allow authentication. The objective of this approach is to prevent the institution or the user from recreating the original source data and reuse it to interfere with the authentication system. Since September 2015, Barclays has been offering customers personal biometric scanners for internet banking. Their iPortal banking hub uses Hitachi’s Finger Vein Authentication Technology that scans account holders’ finger before allowing access to their online accounts and authorizing payments. USAA is also among the first to implement voice and facial recognition across its entire membership base. Over 100,000 members are using the biometrics option - which is basically a smartphone app that prompts them to blink and scans their face for authentication - to make deposits, pay bills and transfer funds. MasterCard is trialing selfie-pay technologies that use facial scans to verify online purchases. It is currently running two pilots in the Netherlands and United States. Innovative biometrics security solutions In 2014, Poland introduced finger vein ID cash machines. These ATMs allow users to withdraw money by pressing their finger on an infrared reader that identifies them from the unique vein patterns in their hands. It has a feature that detects if the hand is actually ‘live’ or ‘real’, to cast away the risk that robbers may chop off a person’s finger to loot cash from their bank account. Google and eSkin technology company VivaLnk have developed Digital Tattoo, a paper-thin, nickel-sized adhesive that users can wear on their skin. In its early application, Digital Tattoo allows users to unlock their smartphone using electronic authentication. Vein Pattern Scanning is another security method where a user’s palm is scanned in a manner similar to fingerprint scanning, and the individual patterns are used to confirm payment. Microsoft Windows 10 OS has biometric security built into laptops, smartphones and tablets. Known as Hello, it scans user’s face or iris with Intel’s infrared RealSense 3D camera. Hello uses asymmetric key cryptography, a proven technology that powers the security features in smart cards. It has a 1 in 100,000 false accept rate, and as such, is more secure than a password. The case for and against swift adoption of biometrics by banks Biometric authentication is quicker and easier than typing a PIN or password. The potential benefits of this method include reduced transaction times, greater customer satisfaction, and an increase in the number of transactions processed. As the back-end wouldn’t have to generate one-time passwords, biometrics can also help increase server capacity. Also, by eliminating the need to issue SMS alerts and authentication tokens, biometrics can save banks money over the long term. Though biometrics encompasses a variety of technologies, the current biometrics solutions are immature. This apart, mass adoption of biometrics security by banks is not expected to occur any time in the near future. Compliance issues resulting from the use of biometrics will first need to be addressed before customers can confidently allow banks to utilize their biometric data. Nidugondi is Senior VP & Head of Mobile Financial Solutions  


Around The World