The future is biometric… but is it safe?

The future is biometric… but is it safe?

John Marsden

Head of Fraud and Identity at Equifax

Views 402

The future is biometric… but is it safe?

17.03.2016 02:00 pm

With high profile data breaches hitting the headlines, businesses are under increasing scrutiny to enhance their cybersecurity.  Data loss is no longer seen as a low-risk problem and is at the forefront of business priorities. The financial and reputational impact of falling victim to fraud is high.

Both big and small players in the financial sector have recognised passwords as a weak link in their security chains. A growing number are partnering with technology companies to implement new authentication processes, from fingerprints to iris recognition, or even full facial scans.

HSBC’s plan to introduce touch and voice ID security to access accounts by the summer is just one example of how financial institutions are embracing new technology. While the advances in biometric data certainly show promising signs for defending against fraud, will this be enough to put an end to it?

Passwords are close to becoming obsolete as a form of authentication used in isolation, partly with the growth of biometrics, but also because passwords have become too easy to compromise. Email addresses are a prime example of the flaws of passwords, and this area needs to be addressed urgently.  Once an email account is breached, fraudsters have access to a plethora of information as many other authentication processes are intertwined with an individual’s account. For example, if a customer ‘forgets’ their password for online shopping, this would be reset through their already infiltrated email address.

It’s clear that multiple security layers, combining different authentication methods, are the answer to strengthening defences. HSBC, for example, has implemented a two factor approach, with both touch and voice ID security. Biometrics are revolutionising the industry, but old methods still have relevance, especially if you’re not in a position to authenticate someone on their biometrics and need to fall back on traditional methods.  

Despite first appearances, implementing biometric data is not costly. In fact, smaller companies in the financial services sector have been leading the way. The larger banks are in some ways reacting to what they’re seeing from the smaller ‘challenger’ banks.  

Using biometrics does raise new areas of concern. For example, what happens when the biometrics of a fraudster are added when an account is set up; how do we know the correct person is actually being enrolled in the first place? Application fraud can lead to the fraudster being authenticated repeatedly once their personal characteristics are enrolled in the system. Indeed, if we ‘trust’ a particular method of authentication, this will become the point of attack. Essentially, we are creating electronic signals from devices which could be recreated. Chip and PIN suffered such a compromise, where an intermediate layer placed on the chip meant point of sale terminals recognised any pin entered as being valid.  This highlighted that the ultimate trust placed in the chip became the target for the fraudster.

Currently there is no central data bank of biometric data companies can use to confirm an individual’s identity. We may get there one day, but is this turning us into a Big Brother state? And what happens if this is breached? Questions like these will need to be addressed as biometrics become an increasingly used method of protection against external threats. Despite this, it is clear that multi-layering is the way forward if biometrics are to be effective against fraudulent activity; adding to the complexity of a trusted framework will inevitably make compromise more difficult.

Latest blogs

Danny Scott CoinCorner

Bitcoin: An Explosive 2020?

“By now, a lot of people have heard of Bitcoin. It’s been running consistently for just over 11 years and has enjoyed it’s fair share of positive and negative media attention. Many eyes have been on Bitcoin since the bull run of 2017, with people Read more »

Bernard Foot MYHSM

Use of cash after COVID-19

Recently, I looked at the question of whether using cash presented more of a COVID-19 health risk than using contactless. There was no convincing evidence either way, but it’s clear that there’s a sentiment against handling cash and Read more »

Shaun Collings Pure Storage

Change Starts from Within: Overcoming Digital Transformation Barriers in the Public Sector

Across the public sector there are various forms of digital transformation taking place, at different stages of progress.  Part of the driver for this is that citizens now expect a level of service akin to what they receive from private Read more »

Jonas Andersson Fingerprints

In Consumer Biometrics We Trust: Authentication For the Data Privacy Age

Data privacy is high on the global agenda. In the wake of data protection policies such as Europe’s GDPR, ensuring the integrity of personal data is an increasingly pertinent subject. This is a governmental and corporate policy reflection of the Read more »

John Burgos Mindgate Solutions

Overcoming anxiety around mobile payments & digital payments - In the South Asia Pacific

Innovation and technology usually go hand in hand.  Therefore, for innovation to be fully realized, the technology that enables the innovation must be adopted as well.  During the last 5 years, we have had innovations from Google, Apple, Read more »

Related Blogs

Lina Andolf-Orup Fingerprints

Dispelling biometric myths and misconceptions

Gangsters cutting off enemies’ fingers to access secret locations and spies lifting fingerprints from martini glasses - the imagination of the entertainment world has been running wild ever since biometrics entered the scene. Couple that with the Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel