Between the camera, fingerprint scanner, and microphone the vast majority of smartphones sold in the last three years have biometric capability. With the right apps, the phones can be used for several different types of biometric authentication and security.
That’s a good thing, because fingerprint scanners don’t work with gloves (nor particularly well with hand cream on your fingers). Facial recognition requires good light. Voice recognition can be foiled by background noise. And iris scans also require good light—and a willing customer.
As a result, banks and other implementers will have to think in terms of not just one biometric technique, or “modality,” but of “multi-modality.” That is, the ability to support multiple ways of identifying people on mobile phones and other digital devices.
That may or may not be music to bankers’ ears (probably not). But another reality is that password-based security clearly is not getting the job done. The former old standby is gradually being phased out for both consumer-facing and internal security situations.
Further, consumers being consumers, they want a choice of what type of biometric ID to use, and there are more choices than those listed above, including cardiac signature and ear shape. USAA is one financial institution that already offers its customers three biometric options: fingerprint, facial, and voice.
Three drivers of biometric use—plus one
Those were among the main points coming out of a panel discussion on Biometric Innovation at last Fall’s Money 20/20 Conference.
Panel moderator Peter O’Neill, president of FindBiometrics, cited an Acuity Market Intelligence report predicting that within three years, literally every mobile device will have built-in biometrics, and that in the same time span nearly seven billion transactions will be authorized by biometrics annually.
Ajay Bhalla, president of enterprise security at Mastercard, said three factors point to why the time for biometrics in fintech applications in particular has come:
1. The number of devices with biometric capability.
2. Consumer use of, and trust in, biometrics.
3. Growing awareness among consumers of the weakness of passwords.
Another factor is convenience. Although doing a facial scan may not seem convenient, Bhalla pointed out that in the Netherlands, a study found 92% of consumers find biometrics more convenient to use than passwords.
On the commercial side, convenience may prove to be an even bigger factor. Wells Fargo requires commercial customers to change their passwords every 90 days, according to Secil Watson, EVP, head of wholesale internet solutions at the bank.
Imagine, she said, if your are a company CFO and use multiple banks. “We need to retire passwords,” she said, adding, however, that the process will be incremental and will go beyond mobile phone use cases.
Banks should “right-align the method to the channel,” said Watson. Use eye-verification, for example, for business clients, she added.
Vincent Bouatou observed that regulations require banks to know who they’re dealing with, and that biometrics link a physical trait to a specific person. Bouatou is vice-president, Business Development, Biometric Technologies, Safran Identity & Security.
As noted above, USAA uses biometrics in its authentication process. Conor White, President of the Americas, Daon, an identity and mobile authentication company, said that if a USAA customer has already authenticated by using biometrics to log on, then the person can click to talk with a live rep who already knows him—no further identification is required.
“This takes about seven seconds versus the usual convoluted procedure,” White said.
Back-end implementation tougher
O’Neill asked panelists how they expect biometrics use to evolve beyond mobility.
Watson responded that she would like to see biometrics used in browser-based situations. She also said Wells is extending the customer use case to Alexa, Amazon’s digital assistant. The technology is there, she noted, but how to make it more secure is the issue.
Phillip Dunkelberger, president and CEO of Nok Nok Labs, a developer of authentication technology, said the picture of biometrics’ future is “bright and rosy” in terms of convenience, but is much tougher in regard to back-end implementation.
“Biometrics isn’t Nirvana,” he said. “It’s a road. Choose carefully. You can lose data if you leave a side door open.”
Added Watson: “Biometrics is not infallible. It does not work 100% of the time.” She said banks need to test for “spoofing” and other threats that can impact biometric security.