Biometrics: A Next Wave of Banking Authentication

Banks should view biometrics as one component in a suite of identity access methods, to be applied in a multi-factor authentication strategy.

That’s the recommendation of Mobey Forum, the financial industry association. In a whitepaper, it laid out that biometrics have deep applicability as a method of identification, authentication and authorization for mobile banking and payment services.

“Compared to entering a PIN or a password, biometrics offer a fantastically convenient user experience which is well-suited to the mobile environment, so it is easy to see why they are in such demand,” said Sirpa Nordlund, executive director, at Mobey Forum. “Naturally, banks and financial institutions are keen to offer this experience, but must also ensure they strike the right balance between convenience and security.”

In partnership with mobile, biometrics offers considerable benefits, especially with regard to user experience. It should be noted that biometrics is also potentially valuable in other areas of financial services such as employee screening, know-your-customer, online dealing transactions, and insurance.

There are, however, a number of key issues that exist that banks need to consider during deployment. Current positive consumer attitudes give a degree of early-mover advantage, but there is more work to be done when it comes to the development of common standards, evaluation criteria and certifications.

Mobey Forum survey shows that the vast majority of banks intend to implement biometrics in the relatively near future, just as the number of handset manufacturers planning to integrate biometric capabilities into their devices rises.

One effect of this integration of biometrics into mobile handsets is that it has removed a significant level of cost from banks. Banks must beware though that they do not lose a similar level of control. Biometric modalities that use integrated handset peripherals like the camera and microphone may help mitigate this issue by limiting the influence of OEM third parties.

To move forward, banks must make a range of choices about factors such as system architectures, biometric modalities, proprietary or open solutions, security, and collaboration versus competition. While the technology will continue to develop, collaboration and standardization will be the best way for banks to address this.

For banks and payment service providers, security is a minimum requirement, but convenience wins customers; they will not adopt security measures that are inconvenient. At the same time, historic concerns about biometrics, for example with regards to accuracy and price, are no longer so pressing, the whitepaper concluded. Other concerns, like security, however, still are. For biometrics to succeed, it must be used in combination with secure technologies for storage and processing.

Photo © Andrey_Kuzmin

What’s Hot on Infosecurity Magazine?