Are We Safe to Bank on Biometrics?

Paul Dignan

Global Technical Account Manager at F5 Networks

Views 307

Are We Safe to Bank on Biometrics?

05.10.2017 07:45 am

For financial institutions, the primary goal of digitisation is making banking simpler and more intuitive for customers. Biometric identification has huge potential, offering convenience, simplifying password management and providing a frictionless authentication process. However, combining the desire for ease of use with the need to improve security is a difficult balancing act. With biometrics in banking rapidly gaining momentum, it is equally becoming an area of great interest for cybercriminals, meaning the security of the apps and systems that support these mechanisms is more critical than ever.

Biometrics offer an exciting new frontier in security, with the global biometric system market expected to reach an estimated$32.4 billion by 2022. From TouchID to iris scanning, and facial to voice recognition technology, consumer demand for biometric authentication is increasing, with research from Mastercard and Oxford University showing banks and their customers favour the use of biometrics in consumer financial services.

Many financial institutions have already put the technology to use. Wells Fargo began offering revolutionary eye-recognition technology as a security measure for corporate customers in 2016, and financial services company USAA has been offering users the option to log in using face and voice recognition technology since the beginning of 2015. Voice recognition technology has also been employed by CitiBarclays and HSBC to verify customer identity when phoning a customer service line and Santander has started trialling a voice-based chat in their standalone app, SmartBank.

Is biometrics a fool proof way to keep hackers at bay?

Despite their potential, biometric-based authentication is not failsafe and poses its own security challenges. The unique nature of biometric verification, and the fact that the digitised record is stored and encrypted locally in a secure portion of your device, does make the data better protected than traditional verification methods. However, the risks surrounding this type of data are greater. Unique, permanent biological identifiers can’t be changed or replaced in the event of a breach, so they are very dangerous if they end up in the wrong hands. 

The risk of a criminal stealing your eyeball (à la Tom Cruise in Minority Report) is mere science fiction fantasy; the real risk is the chance that a hacker could gain access to the digitised record of biometric data. The National Fraud Authority estimates that £3.3 billion is currently lost through identity crimes each year. Imagine how this could increase if hackers could access biometric data.

What’s the key to protecting biometric credentials?

Although biometrics offer an extremely strong alternative to traditional authentication methods, such as passwords and PINs, there is no such thing as 100 percent security, but having multiple gatekeepers in place can fortify the security of apps and systems. The more different proofs of identity required through separate routes, the more difficult it becomes for a cybercriminal to steal a consumer’s identity or to impersonate them.

As technologies progress, machine learning offers the potential to help banks authenticate users based on multiple assessments, including behaviour, appearance, voice and even the speed at which they type. With such capabilities, a user’s device can constantly calculate a trust score that the user is who they claim to be. According to Deloitte, together these factors are 10 times safer than fingerprints and 100 times safer than four-digit PINs.

Furthermore, solutions are being developed to solve the issue of biometric records being re-used when stolen. For example, a new approach is to split the biometric information between the user’s device and the data centre storage, meaning that if one is compromised, the hacker will not have all the information needed to gain verification.

How will biometric security continue to evolve?

New techniques are emerging that remedy some of the typical challenges associated with biometric solutions, including a lack of capability on the user device and verification failure (facial recognition is prone to problems with lighting conditions). Regardless of the challenges, biometric technology provides organisations with another layer of defence against cyber criminals while simultaneously streamlining the customer experience. This has been successfully adopted by many financial institutions, with great promise to further transform digital banking. 

As our lives move progressively online, the level of personal data stored by organisations, the stakes are becoming higher for businesses to ensure consumers’ data is fully protected. At the same time, lucrative areas, such as digital banking, are at the top of cybercriminals target lists. Even with the higher level of security that biometrics promise, having multiple gatekeepers in place is the only way to guarantee the highest level of security.

Latest blogs

Lina Andolf-Orup Fingerprints


As something of a Money 20/20 series veteran, having attended the Europe and Vegas editions several times, it was with great curiosity and even greater expectations that I set off to the first Asian event. Read more »

Money20/20 Fingerprints


As something of a Money 20/20 series veteran, having attended the Europe and Vegas editions several times, it was with great curiosity and even greater expectations that I set off to the first Asian event. Read more »

Peter Janes Shieldpay

Fridays with Fintechs: Using Digital Escrow to Reduce Fraud

A friend of mine had his car stolen when trying to sell it to someone he met online. He handed over the keys to the potential buyer for a test drive and the moment he turned his back to make the buyer a cup of tea, the car was gone. He never Read more »

Ed Molynex FreeAgent

Comment from FreeAgent CEO: HMRC May Use AI to Monitor “Compliance” with Tax Laws

I’m not surprised to hear that HMRC is looking to artificial intelligence when it comes to tax compliance. Automation is already becoming an increasingly integrated part of financial reporting and management and it’s a trend that shows no sign of Read more »

Matt West Feefo

The open secret in banking – artificial intelligence will lock in more customers

In retail banking there are many areas where regulation and competition is now very fierce. The entry into the market of challenger banks and fintechs has increased the pressures immensely, offering exciting new ways of providing services and Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App