The future is biometric… but is it safe?

The future is biometric… but is it safe?

John Marsden

Head of Fraud and Identity at Equifax

Views 492

The future is biometric… but is it safe?

17.03.2016 02:00 pm

With high profile data breaches hitting the headlines, businesses are under increasing scrutiny to enhance their cybersecurity.  Data loss is no longer seen as a low-risk problem and is at the forefront of business priorities. The financial and reputational impact of falling victim to fraud is high.

Both big and small players in the financial sector have recognised passwords as a weak link in their security chains. A growing number are partnering with technology companies to implement new authentication processes, from fingerprints to iris recognition, or even full facial scans.

HSBC’s plan to introduce touch and voice ID security to access accounts by the summer is just one example of how financial institutions are embracing new technology. While the advances in biometric data certainly show promising signs for defending against fraud, will this be enough to put an end to it?

Passwords are close to becoming obsolete as a form of authentication used in isolation, partly with the growth of biometrics, but also because passwords have become too easy to compromise. Email addresses are a prime example of the flaws of passwords, and this area needs to be addressed urgently.  Once an email account is breached, fraudsters have access to a plethora of information as many other authentication processes are intertwined with an individual’s account. For example, if a customer ‘forgets’ their password for online shopping, this would be reset through their already infiltrated email address.

It’s clear that multiple security layers, combining different authentication methods, are the answer to strengthening defences. HSBC, for example, has implemented a two factor approach, with both touch and voice ID security. Biometrics are revolutionising the industry, but old methods still have relevance, especially if you’re not in a position to authenticate someone on their biometrics and need to fall back on traditional methods.  

Despite first appearances, implementing biometric data is not costly. In fact, smaller companies in the financial services sector have been leading the way. The larger banks are in some ways reacting to what they’re seeing from the smaller ‘challenger’ banks.  

Using biometrics does raise new areas of concern. For example, what happens when the biometrics of a fraudster are added when an account is set up; how do we know the correct person is actually being enrolled in the first place? Application fraud can lead to the fraudster being authenticated repeatedly once their personal characteristics are enrolled in the system. Indeed, if we ‘trust’ a particular method of authentication, this will become the point of attack. Essentially, we are creating electronic signals from devices which could be recreated. Chip and PIN suffered such a compromise, where an intermediate layer placed on the chip meant point of sale terminals recognised any pin entered as being valid.  This highlighted that the ultimate trust placed in the chip became the target for the fraudster.

Currently there is no central data bank of biometric data companies can use to confirm an individual’s identity. We may get there one day, but is this turning us into a Big Brother state? And what happens if this is breached? Questions like these will need to be addressed as biometrics become an increasingly used method of protection against external threats. Despite this, it is clear that multi-layering is the way forward if biometrics are to be effective against fraudulent activity; adding to the complexity of a trusted framework will inevitably make compromise more difficult.

Latest blogs

Nish Kotecha and Noslen Suárez PhD Finboot

How blockchain can help us have trust in the food we eat

Today’s food supply chains are global, connected and generally efficient, but the COVID-19 pandemic has shone a spotlight on areas of weakness. The urgent need for robust and resilient systems and processes has been brought sharply into focus, and Read more »

Chris Miller RSA Security

Back to Normality: Five Steps to Stay Resilient After Disruption

The financial services sector has lived through many global disruptions, but the nature of recent events has put an unprecedented strain on operational resilience; from needing to ensure critical functions could continue with skeleton staff and Read more »


How Technology Has Disrupted the Used Car Buying Experience

We’ve seen many fields change rapidly as a result of the integration of modern technological advancements over the last couple of decades. And it looks like more is coming on the horizon as well, judging by current trends. One of the markets that Read more »

Shuvo G. Roy Mphasis

Reboot 1.0: How financial services technology can enable the supply chain to support a post-lockdown boom

Ground control and Captain Tom When veteran Captain Tom Moore decided to walk one hundred laps of his garden before his 100th birthday to raise funds to support NHS heroes battling Covid-19 from the frontline, he never imagined that he would Read more »

Lisa Gutu Salt Edge

Building a PSD2 compliant channel: challenges and opportunities for financial institutions

PSD2 obliges ASPSPs including banks, e-wallets, prepaid cards and other companies that offer payment accounts to provide at least one channel for secure communication with third party providers (TPP). Even neobanks or e-money institutions, including Read more »

Related Blogs

Lina Andolf-Orup Fingerprints

Dispelling biometric myths and misconceptions

Gangsters cutting off enemies’ fingers to access secret locations and spies lifting fingerprints from martini glasses - the imagination of the entertainment world has been running wild ever since biometrics entered the scene. Couple that with the Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel