Mobile banking is spearheading the adoption of biometrics for retail banks as users look for easier access to their accounts, and better ways of interacting with technology, safely.
Referring to the identification of an individual through the use of their genetic data, biometrics most commonly use fingerprints, DNA, iris, or voice patterns to recognise individuality. Whilst this technology has often been seen in sci-fi movies, it is only now that the mainstream consumer is starting to contemplate the impact biometrics will have on their everyday lives.
Modern mobile devices like the iPhone with its TouchID, and the Nymi heart rate band which charts your “unique cardiac rhythm”, have started to replace passcodes and allow instant access to password protected websites. Biometrics are in no way new. Many people have relied on them for decades. Fingerprint monitoring has been used from as early as 1858, iris recognition was proposed in 1936, with the first design patent for iris algorithms being granted in 1994, and my employer (Nationwide Building Society) successfully piloted iris scanning ATMs in the late 90s. Biometrics has also facilitated sports and leisure events. During the 28 days of the 1996 Olympic Games, 1 million hand scans were successfully taken to grant access to areas around the park.
Unfortunately, biometrics alone are not yet a failsafe; facial recognition was used at the Superbowl in 2001 and aimed to capture wanted people in the USA. Whilst no suspects were found, false positives did cause upset for some innocent spectators, marking the need for better computer systems to analyse and match data. Herein lies the key to progress.
Whilst the availability of mobile devices has been a significant stimulus for biometrics, the main driver behind the roll out of biometrics authentication as a replacement for passwords in mainstream markets is more likely to be related to the development of computers that can now process this data reliably and at a more reasonable cost.
You need a password to do that
Accessing data through the internet is impeded by passwords at every junction. Consumers know they need to create unique passcodes for each application, but when it starts to feel like you need to use 5 passcodes before you have even brushed your teeth in the morning, it’s easy to see why users want a more streamlined journey.
Consumers suggest they are open to the use of biometrics data to speed up access to information and improve their user experience, but they also express caution about the personal data they are providing, often without acceptable guarantees understood in advance about its use. It is critical for consumers to know how and where the information will be stored, and to agree on whether this is the most secure place for it. Privacy and security factors need to be considered alongside convenience of use, i.e. does the personal recognition data need to be stored locally on the user’s device, meaning they must activate each device separately, or is it stored centrally so they are recognised on any device?
In order for retail banks to develop biometrics authentication processes for their customers, a balance of security vs ease of use must be satisfied. Electronic processing of biometrics data is in its relative infancy – the risk of fraud still to be fully understood – but this must be considered in the light of the overall risk of fraud. It is estimated that £450.4 million was lost in the sector due to card fraud in 2013, a rise from the previous year. We recognise this as an industry and yet still utilise password protection against this backdrop of increasing failure. Biometrics may be exposed to fraudulent activity, but does this leave us any more vulnerable than we already are? I suggest not. Maybe a combination of methods is the answer. Ben Horan of Unisys recently commented to me:
“In order for banks to provide intelligent, frictionless services across all of their channels, they have to adopt a robust and secure Identity and Credentialing Framework, which can be seamlessly integrated into any process. Think of it as a ‘grey-scale’ of authentication using simple information that you know, adding information about where you are and then going further to introduce what you are. That biometric layer (iris/palm vein/cognitive signature), when used correctly, can further smooth a transaction or process by improving the bank’s confidence that they are interacting with the right person. Only by being prepared to use any factor, across any channel for any interaction can banks get that step closer to secure, intelligent and frictionless service provision.”
I believe the key to driving customer engagement in biometrics will be in the ability to nurture trust with consumers. They need to know that their security is being treated with the upmost respect. Research suggests consumers want to feel part of an authentication process, and that they are uncomfortable at the prospect of biometric data authorising transactions, such as payments, in a manner which appears to omit them from the control step of actually ‘triggering the payment’. They want to maintain conscious control of validating transactions – they just expect it to be as simple as possible. Easier than typing a password.
The time is now
Barclays has introduced voice recognition and finger vein scanners for account access for their wealth customers, with plans to roll this out to the wider banking customer during 2015. I believe we will see interesting developments from others over the course of this year.
Looking ahead, the US military could be developing technology that will shape the future of biometric validations. They are currently developing what is known as cognitive identifying verification systems. This could be the next step on from finger prints and iris recognition. Users will be identified and authorised by analysing the way they log on, navigate, and type on their computer. All of this provides a unique set of behavioural biometrics data by which to validate a request.
As press reports speculate on the timing and temptation of criminals poised to crack our mobile wallets open with imitations of our fingerprints, could behavioural biometrics be the answer, or part of it? We will see.