February 2018

A new definition of security. Biometrics in digital banking

Biometric technologies, such as finger vein or iris recognition, have been the mainstay of science fiction movies and literature for decades. Perhaps, that is why some people, including decision makers of financial institutions, think of them as mere curiosity.

When all the while, banks are already using their enormous potential to make banking more secure and convenient than ever before, gaining approval and appreciation from both individual and corporate customers. Let’s take a closer look at how biometrics redefines digital banking.

According to a report by Deloitte [1], the majority of individuals aged 16-24 view security measures, such as passwords, as “an annoying extra step before making an online payment”. It probably would have been more bearable if this annoyance really ensured secure transactions. But 2017 saw some of the biggest data breaches ever [2]. Financial institutions were not spared, with as many as 400,000 accounts compromised in one attack alone [3].

Aware of all that, management of banking institutions have been experimenting with various other methods. Some of them include passphrases, social sign-ins, multiple devices, or even multi-factor authentications that may include various combinations of those methods with a password for increased security.

Even the sheer number of these methods shows that there is no clear winner. All of them compromise either security or user experience to some extent. Therefore, further research has been carried out to take the banking industry to a world beyond passwords.

The answer – biometrics

For the past decade, biometrics has been by far the most promising and prolific direction in which progress in authenticating users has been moving.

Biometrics is the study of distinctive and measurable human characteristics that can be used to label and describe any individual. Those characteristics, or biometric identifiers, can be anything from fingerprints and veins, palm veins, iris, retina, face, voice, or even handwritten signature – as long as it is something unique for any individual. For example, the patterns of blood vessels in the finger or palm are so complex that no two individuals possess the same. The identifier’s lack of propensity to change with time or due to illness is also very important. All the identifiers mentioned above meet these conditions, albeit with some exceptions (e.g. iris texture may change as a result of certain surgeries).

New reality in the making – biometrics goes mainstream

Since traditional methods of authenticating have been consistently proving such security hazard and UX pain, some financial service decision makers began to realize that a whole new method would be welcomed by users. Furthermore, everyone wanted to be at the forefront of designing long-awaited standards of user authentication. As research and development of biometric technologies progresses, more and more banks jumped on the bandwagon.

Lloyds Banking Group, a major British bank, partnered with Microsoft to offer their customers a new way to access their accounts from Windows 10 devices – via fingerprint or facial recognition. What’s important, the device can recognize the face of the user – as opposed to an image, ensuring that no impersonator will be able to exploit it [4] . Aside of clear security benefits, Lloyds’ representatives believe that getting rid of passwords in favor of this quick and highly personalized method will greatly improve user experience.

KB Kookmin Bank, one of the largest financial institutions in South Korea, is already enjoying great success with biometric technologies. Its innovative use of iris scanner of mobile devices to allow its customers to access their accounts earned them the top spot on Korea’s Highest Brand of the Year survey in 2016.

The technology used by IDFC (Infrastructure Development Finance Company), a major financial company from India, is perhaps one of the most exciting examples of leveraging the potential of biometrics. At its base is Aadhaar – a 12-digit unique number issued to all Indian citizens based on both biometric and demographic data. As a result, their Aadhaar number and fingerprint is enough to make payments with participating vendors.

Innovative companies and startups from the financial sector are constantly leveraging biometrics to improve the solutions they offer. For example here at LiveBank’s we have created a virtual branch platform, which allows banks to combine the advantages of physical locations and self-care online banking. This platform also makes use of biometric identifiers to improve security and user experience. During the eKYC process, remote onboarding of new customers, the solution uses facial biometrics to verify customers identity and compare them to their ID. The process has been launched with great success at Bank Zachodni WBK in Poland, and let the bank acquire a lot of new customers.

And there is more where it came from. What once was thought of as a fantasy, has become a reality. But the story doesn’t end here.

The many faces of biometrics

As previously mentioned, there are a lot of biometric identifiers:

  • Finger/palm vein – using unique vein patterns present beneath the skin’s surface in a finger or palm.
  • Fingerprint recognition – confirming identity based on the comparison of two fingerprints. This method is especially popular with mobile devices[5].
  • Voice/speaker recognition – refers to recognizing an individual by the characteristics of their voice (as opposed to speech recognition, which recognizes what is being said).
  • Face recognition – using various technologies such as computer algorithms or 3D sensors to recognize a face using measures such as relative position, shape or size of eyes, nose, jaws and more.
  • Iris recognition – leverages the complex patterns of the irises in the eye of each individual.
  • Retinal scanning – often confused with iris recognition, refers to the identification of blood vessels in the human retina.
  • Handwritten signature – using handwritten signature patterns to identify an individual.

However, finding a biometric identifier is merely the first step to making it a feasible technology for the banking industry. That’s because each method worth consideration must [6] :

  • be highly secure,
  • provide protection from piracy,
  • be socially acceptable,
  • be practical and simple to use,
  • be universal.

As a result, only some biometric technologies have already made their way into banking mainstream. In particular, it’s finger vein, fingerprint, face, voice and handwritten signature. However, some of the examples mentioned above show that a lot of financial institutions are ready to test even some of the more controversial technologies if they believe they can provide security and user experience benefits.

Biometric trends – possibilities limited only by imagination

Biometric technologies in banking are still rapidly growing. And the trend is sure to continue. It’s not surprising, considering just how many benefits it provides for financial institutions.

Aside from minimizing various security risks (both internal and external frauds) and improving customer user experience, it can also greatly help in cost optimization. By introducing biometrics into its banking processes, it’s possible to eliminate the bulk of paper documents and cards and reduce time dedicated to customer service and call center operations.

Furthermore, industry decision makers greatly appreciate the marketing benefits of introducing biometric technologies, as it makes it easier for them to position their organizations as forward thinking and security-oriented – traits appreciated by both individual and corporate clients.

To ensure the highest level of security at the lowest cost for end users, new biometric technologies are constantly tested. The goal is to find one that has the best balance of FAR (false acceptance rate) and FRR (false rejection rate) . FAR measures the likelihood of authenticating a wrong user, while FRR is the opposite – a measurement of the likelihood of failing to authorize a legit user. In practice, technologies that do very well in terms of FAR tend to be too strict, resulting in a high number of rejections of legit users. The opposite is also true. Since so many parameters come into play, choosing the best technology is a meticulous task. A search for one that would not require such compromises continues.

Of course, biometric technologies are not completely immune to frauds. Experts also need to be wary of people’s attitude to various identifiers – fingerprinting is not the only one that many individuals find objectionable. Another problem is the fact that on rare occasions, due to illness or advanced, it’s difficult or impossible to identify an individual using certain metrics (e.g. skin lesions & fingerprinting or blood vessel diseases). Some ways in which banks attempt to counter it is employing more than one biometric identifier at the same time.

Despite all these issues, various biometric technologies have repeatedly proven to be both more secure and convenient that any traditional way of authenticating users. Considering just how much has been achieved in the banking industry only in the past 10 years, it can be expected that biometric technologies for authentication will continue to be refined for the good of everyone. We should all keep our fingers crossed.

[1] https://dupress.deloitte.com/dup-us-en/deloitte-review/issue-19/moving-beyond-passwords-cybersecurity.html
[2] http://money.cnn.com/2017/10/04/technology/yahoo-biggest-data-breaches-ever/index.html
[3] https://www.express.co.uk/finance/city/833440/italy-unicredit-bank-hacked-cyberattack-italian-banking-major-security-breach
[4] http://www.lloydsbankinggroup.com/Media/Press-Releases/press-releases-2017/lloyds-banking-group/lloyds-banking-group-says-hello-to-windows-10/
[5] https://www.veridiumid.com/blog/biometric-trends-for-2017/
[6] Biometrics in banking – key aspects, report by Tadeusz Woszczyński (editor) and others
[7] http://abibiometrics.org/the-relation-between-frr-and-far.html

Any questions?

Need quick hints? Feel free to contact us

Piotr Skrabski
Piotr Skrabski
General Manager +48 518 667 591
Ailleron Company

Życzkowskiego 20 Street

Building Avia, 1st floor

31-864 Cracow

Did you know?

A virtual branch will work perfectly wherever efficient service is crucial

Insurance
companies
Financial
consulting
Investment
found
Leasing
companies
Brockerage
house