Fingerprint recognition, now mostly used for unlocking smartphones or laptops, is increasingly being taken up by early adopters for proximity paymentsOpens a new window through ApplePay and SamsungPay, and will soon be used for online payments and other financial applications.
Biometric authentication – voiceprint and facial recognition, itself already used by smartphones, are two other possibilities – will soon replace PINs and passwords. Biometrics are not only far more convenient for consumers, they are much more secure. They cannot be hacked or duplicated. The data can be kept on the device, rather than on a server or in the cloud, and can remain secure even if the device is stolen.
The move to biometrics comes as hacking of traditional security measures increases. Hackers not only breach databasesOpens a new window for individual information, they have become much more adept at hacking entire payments platformsOpens a new window , from ATMs to bank transfer systems such as SWIFT – stepping up pressure for improved security.
Fingerprint recognition is being used in a trial for chip-card payments, replacing the PIN code. British private bank Coutts is using voiceprint technology to authenticate customersOpens a new window by the timbre of their voice, replacing security questions and speeding up calls. France’s Société Générale allows customers open a bank account with a selfie instead of showing up at a branch.
Two-factor authentication
New legislation such as the European Union’s revised Payments Services Directive requires two-factor authentication. Alongside a PIN, a biometric feature is likely to to be the second. Europe’s open banking framework requires so-called strong customer authentication for banks to share customer data with other providers, with biometrics one of the options.
Biometrics are interacting with application programming interfaces, the key to sharing data on open banking platforms. Beyond physical characteristics, behavioral biometrics can track how a consumer swipes a mobile screen or uses a keyboard, and call on it as the basis for recognition and fraud prevention.
But these new methods do not come easy to banksOpens a new window . A recent study indicates that 96% still rely on usernames and passwords for authentication, although these have become increasingly easy for fraudsters to uncover. Even institutions adopting multi-factor or alternative authentication methods are finding they have too many disparate tools that are difficult to coordinate.
First-world problem
That is a big obstacle to improving authentication, but customers are impatient to benefit from better technology. They don’t like to wait for access to financial services, but they do realize that legacy protection measures need bolstering. For that reason, 60% of institutions surveyed say they will invest in authentication technologies this year, including those based on biometrics, artificial intelligence and machine learning.
To a large extent, it is a first-world problem. Some emerging markets are able to leapfrog technological stages, bypassing the legacy username and password system,. India routinely registers citizens for social welfare paymentsOpens a new window with fingerprint and iris scan recognition, and now has more than a billion identities in its database.
But customer preferences will drive the transition. Juniper Research estimates that mobile biometrics will authenticate $2 trillion in sales by 2023, compared with $124 billion last year. Fingerprint recognition will dominate, but voice and facial recognition are playing a growing role. Juniper estimates that 90% of today’s smartphones can support facial recognition software and 80% voice recognition. Along with behavioral biometrics, these methods will be in use in 1.5 billion smartphones by 2023, the group estimates.
Facilitating interaction
Biometric authentication can facilitate access to financial data and various services, and it is also important for interaction among different various apps or sites. Bank of America uses an app linking featureOpens a new window that enables a customer to switch from the bank to Merrill Lynch or to U.S. Trust using a single fingerprint scan. These are all Bank of America operations, but it shows how an open banking platform could link services from various vendors through a single authentication.
IBM has jumped into the fray with partner United Biometrics, offering an anti-fraud biometric open banking platformOpens a new window designed to increase customer convenience and security while complying with new data privacy requirements. The partners offer a wide array of biometric products for payments, e-commerce and other financial transactions, as well as industry, corporate and government applications.
Some consumers consider biometric authentication invasive, or fear that fraudsters will find a way to acmes and use the stored data. But the arguments in favor of biometrics seem more compelling now to banks as they seek to make financial transactions more secure and convenient.