Are We Safe to Bank on Biometrics?

Paul Dignan

Global Technical Account Manager at F5 Networks

Views 385

Are We Safe to Bank on Biometrics?

05.10.2017 07:45 am

For financial institutions, the primary goal of digitisation is making banking simpler and more intuitive for customers. Biometric identification has huge potential, offering convenience, simplifying password management and providing a frictionless authentication process. However, combining the desire for ease of use with the need to improve security is a difficult balancing act. With biometrics in banking rapidly gaining momentum, it is equally becoming an area of great interest for cybercriminals, meaning the security of the apps and systems that support these mechanisms is more critical than ever.

Biometrics offer an exciting new frontier in security, with the global biometric system market expected to reach an estimated$32.4 billion by 2022. From TouchID to iris scanning, and facial to voice recognition technology, consumer demand for biometric authentication is increasing, with research from Mastercard and Oxford University showing banks and their customers favour the use of biometrics in consumer financial services.

Many financial institutions have already put the technology to use. Wells Fargo began offering revolutionary eye-recognition technology as a security measure for corporate customers in 2016, and financial services company USAA has been offering users the option to log in using face and voice recognition technology since the beginning of 2015. Voice recognition technology has also been employed by CitiBarclays and HSBC to verify customer identity when phoning a customer service line and Santander has started trialling a voice-based chat in their standalone app, SmartBank.

Is biometrics a fool proof way to keep hackers at bay?

Despite their potential, biometric-based authentication is not failsafe and poses its own security challenges. The unique nature of biometric verification, and the fact that the digitised record is stored and encrypted locally in a secure portion of your device, does make the data better protected than traditional verification methods. However, the risks surrounding this type of data are greater. Unique, permanent biological identifiers can’t be changed or replaced in the event of a breach, so they are very dangerous if they end up in the wrong hands. 

The risk of a criminal stealing your eyeball (à la Tom Cruise in Minority Report) is mere science fiction fantasy; the real risk is the chance that a hacker could gain access to the digitised record of biometric data. The National Fraud Authority estimates that £3.3 billion is currently lost through identity crimes each year. Imagine how this could increase if hackers could access biometric data.

What’s the key to protecting biometric credentials?

Although biometrics offer an extremely strong alternative to traditional authentication methods, such as passwords and PINs, there is no such thing as 100 percent security, but having multiple gatekeepers in place can fortify the security of apps and systems. The more different proofs of identity required through separate routes, the more difficult it becomes for a cybercriminal to steal a consumer’s identity or to impersonate them.

As technologies progress, machine learning offers the potential to help banks authenticate users based on multiple assessments, including behaviour, appearance, voice and even the speed at which they type. With such capabilities, a user’s device can constantly calculate a trust score that the user is who they claim to be. According to Deloitte, together these factors are 10 times safer than fingerprints and 100 times safer than four-digit PINs.

Furthermore, solutions are being developed to solve the issue of biometric records being re-used when stolen. For example, a new approach is to split the biometric information between the user’s device and the data centre storage, meaning that if one is compromised, the hacker will not have all the information needed to gain verification.

How will biometric security continue to evolve?

New techniques are emerging that remedy some of the typical challenges associated with biometric solutions, including a lack of capability on the user device and verification failure (facial recognition is prone to problems with lighting conditions). Regardless of the challenges, biometric technology provides organisations with another layer of defence against cyber criminals while simultaneously streamlining the customer experience. This has been successfully adopted by many financial institutions, with great promise to further transform digital banking. 

As our lives move progressively online, the level of personal data stored by organisations, the stakes are becoming higher for businesses to ensure consumers’ data is fully protected. At the same time, lucrative areas, such as digital banking, are at the top of cybercriminals target lists. Even with the higher level of security that biometrics promise, having multiple gatekeepers in place is the only way to guarantee the highest level of security.

Latest blogs

Mark Jackson Collinson

How traditional players can close the gap on challenger banks

Earlier this year, Starling Bank and Monzo became the top two banks in terms of customer satisfaction in the UK, knocking incumbent First Direct from the number one spot[1]. Interestingly, this news coincided with a decline in interest in app-only Read more »

David Worthington Rambus

Securing real-time payments with tokenization

For banks, direct debit (ACH) fraud represents a bigger financial risk than card fraud. In particular, growing momentum for real-time payment schemes across the world is creating huge opportunities for fraudsters and placing increasing pressure on Read more »

Paul Herdman EMEA Qumu

How Aberdeen Asset Management is using video in the cloud to drive engagement and increase market exposure

To most organisations this should sound like a question with an obvious answer - a good live streaming event usually means clear audio, a decent picture and a tolerable amount of buffering. But the real question should be “Do decision-makers in Read more »

Alan Platt CyberHive

For Finance Professionals It’s Time for a Change in Cyber Risk Strategy

Cyber-attacks are now one of the biggest threats to the UK financial system according to respondents in a recent Bank of England survey¹. The survey’s findings place cyber-attacks in joint second place of threats seen as the biggest risk to the Read more »

Jordan Schwartz Cordium

RegTech: Five Key Processes to Drive Efficiency

Compliance professionals face an ever-greater range of obligations. While regulators do not deliberately go out of their way to devise “tick-box” regulations, the reality is that the raft of new rules established over the last decade has resulted in Read more »

Magazine
ALL
Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App