Multilayer biometrics to be next-generation authentication

The proliferation of smartphones and the onset of mobile payments has brought biometrics to the forefront of security for financial transactions.

This is a natural progression forged by the migration of more banking activities to mobile devices that are growing more advanced and equipped with more types of sensors that can accommodate biometric authentication.

Biometric authentication can also raise customer satisfaction, as it can eliminate consumers’ irritating need to recall dozens of different passwords for all of the digital services they utilize. The most recent PYMNTS.com/Socure Digital Identity Tracker study found that 52% of customers prefer biometric identity verification over passwords.

However, we are just at the advent of this evolution towards relying more heavily on biometric factors for authentication. The major alternative mobile wallet providers are all leveraging biometric authentication, following Apple’s lead when it introduced fingerprint authentication for Apple Pay transactions.

Major banks are also rolling out biometric authentication: Bank of America, JP Morgan Chase, and Wells Fargo all allow customers to log in to mobile banking via fingerprint authentication, while USAA lets customers log in through facial recognition. Voice authentication capabilities are also widely deployed in banks’ call centers to identify customers.

But this is just the beginning.

Security and Internet of Things

All of these authentication measures are aimed at the smartphone, which has become the focal point of digital consumers’ lives, including their finances.

The next major stage in the evolution of digital technology is moving beyond the smartphone, as consumers begin to utilize digital services through a wider variety of internet-connected devices in their homes, cars, and work places.

To make their services as convenient as possible, banks will start offering services through this broad array of devices including wearables, connected cars, connected TVs, connected home appliances, and voice-controlled assistants like Amazon’s Echo and the upcoming Google Home.

Financial services providers are already starting to move some transactions to these various devices.

For example, Apple Pay has been enabled on the Apple Watch since its launch, and Capital One allows customers to check card balances and make bill payments via Amazon’s Echo. Wells Fargo, Citi, and FIS have also publicly stated that they are testing different banking use cases for the Echo as well.

As banks start allowing customers to transact over these different devices, they will need to verify customers’ identities across all of these devices that will have different capabilities in regards to what types of biometric factors they can read.

Promises and pitfalls of voice authentication

Voice will likely become the most widespread user interface for customers to interact with their various digital devices in the future.

Voice command makes more sense than touch interfaces in many situations, which is why Echo grows increasingly popular. Users can talk to the device from other rooms in their home and place an Amazon order or call for an Uber without taking their phone out of their pocket. Voice is also much safer in certain situations, such as when the user is driving and wants to search for a nearby restaurant.

Couple this convenience and safety with the major investments that big tech companies are making in their voice recognition and artificial intelligence systems and you have a perfect combination fueling the rise of voice interactions with digital devices. This means consumers will grow increasingly accustomed to interacting with digital services through voice on their mobile devices, TVs, and wearables, as well as in their cars.

This will in turn drive adoption of voice biometrics as a primary means of authenticating customers using digital services through all of these devices.

However, hackers can spoof voice authentication fairly easily with voice recordings, making it one of the less reliable means of biometric authentication.

So even though voice interfaces will be ubiquitous, authenticating users by voice will likely require a second authentication factor. By leveraging a second biometric factor, banks can better verify the identity of customers across a wide number of devices.

Shortcomings of other biometric factors

Using multiple biometric factors for authentication also helps overcome many of the downsides to using biometrics.

For example, biometric authentication can be complicated by the environment in which the biometric data is captured.

For instance, background noise could interfere with the original voice sample that the authentication system takes for comparison later on. And facial recognition samples can be affected by lighting or facial expressions.

Additionally, most biometric systems compare a limited number of data points in a given biometric sample to reduce the likelihood of a failed authentication caused by a scar on someone’s finger or an illness affecting their voice. However, comparing fewer data points also makes the authentication less accurate and reliable.

Measuring multiple biometric factors can help mitigate such accuracy issues. While voice biometrics may be a convenient way for banks to authenticate customers across many of the devices they will use in the future, those devices will also be capable of capturing other biometric samples.

Mobile banking users could log in via a combination of voice authentication and a fingerprint reading from their smartphone. Those logging in via laptops and desktops could be authenticated through both voice and facial recognition, based on images captured by the computer’s camera. As automakers put more cameras and image sensors in their new models, using facial recognition will also be possible for authentication in connected cars, something Volkswagen is already working on.

Some devices—like the Echo—may not be capable of capturing a second biometric factor besides voice. In those cases, customers could provide a PIN or spoken phrase as a second authentication factor.

Password RIP, already

It is well past time that banks and other organizations put passwords to rest, as passwords have done little to stem the rise in cybercrime over the past few years. Biometric authentication offers a convenient path for customers to authenticate themselves without passwords, and leveraging multiple biometric factors will increase the accuracy of biometric authentication.

The challenge for banks will be in implementing such multi-factor biometric authentication systems across new types of devices that customers are adopting before hackers learn how to infiltrate those new devices and use them against banks’ customers.