Biometric Authentication For Mobile Banking: What Banks Need to Know
Biometrics is quickly becoming a large part of our everyday lives. Every time we get a new passport, a photo is taken, a signature is used to sign off on important documents, or a fingerprint is scanned to unlock smartphone devices. The use of biometric technology is growing exponentially for the purpose of user authentication in industries such as government, retail, and now financial services.
With the growing number of data breaches, banks are being pressured to get away from personal identification information and towards a more impenetrable system. A survey conducted by the Bureau of Financial Institutions found that 75 banks and credit unions’ losses due to data security breaches reached a total of over $2.1 million US. This is a significant loss that financial institutions must address in order to reduce fraud rates and protect users worldwide.
In our last post, we covered how biometric authentication is impacting the banking industry and the benefits it provides both users and financial institutions. But when it comes to evaluating different authentication solutions, there are still a number of questions banks must ask before adopting this new security method.
How Accurate is it?
For many years, law enforcement agencies and governments have been using biometric technology for accurate identification, which has proven to be extremely successful in tracking data. Biometric password management increases authentication accuracy by ensuring that the right person has access to the right information.
Biometric technology, however, does not work 100% of the time. Some iris scanners won’t work with colored contacts, and eye print ID doesn’t work if you can’t hold your mobile device still enough for the scanner.
“The question banks need to answer is if the technology will work when and where their customers are doing their mobile banking.”
Apple’s Magic Toolbar is a good example of how little time and effort it takes to authenticate a user due to the fact that all you have to do is touch the ID pad.
Is it Secure and Safe?
The main concern banks have is the threat of hackers stealing their customers’ biometric data. Biometric authentication protects user credentials from being stolen as each physical trait is unique to each person and cannot be shared, duplicated, or easily forged.
The banks themselves are not keeping caches of actual fingerprints or eye patterns. Rather, they are creating and storing templates, or complex numerical sequences, based on a scan of a person’s fingerprint or eyeball. It is possible that hackers could use the biometric template to penetrate the system. As a result, some organizations are implementing extra safeguards. For example, some voice authentication systems prompt the user to prove it is a living customer and not a recording. Many eye scans require users to blink or move their eyes to prevent a hacker from using a photo to gain access. In addition to these safeguards, banks also need to consider multi-factor authentication for an added layer of security.
Multifactor Authentication (MFA) or Multi-Modal
MFA can be a combination of something the user knows and something the user is such as a set physiological traits that may include fingerprint, iris pattern, or voice recognition, that make it almost impossible to hack.
Each human biometric characteristic is unique such as fingerprints, finger vein patterns, palm vein patterns, iris patterns, etc. Therefore, all of these modalities are hard to forge, copy, or spoof. Moreover, biometric technology is now more advanced with multi-factor biometric devices that are capable of capturing both fingerprint and finger vein images in one single scan. The use of biometrics as an alternative to passwords or in combination with passwords as two-factor authentication is now considered the most secure form of security to prevent data breaches due to weak passwords.
Is it Right For My Users?
When adding a new feature to a mobile app, you need to consider what the user expectations are. In most, if not all cases, users are searching for greater convenience and an overall seamless user experience. The dreaded account lock is a reality that mobile banking users experience when their password is either forgotten or mistyped. This frustrates users, especially when it comes to financial accounts that contain extra security features and even fewer password attempts. Put simply, if the functionality isn’t easy to use, people won’t use it, which is the main reason why biometric authentication is quickly becoming popular for mobile, leaving the forgotten passwords in the past.
Is it Accessible For Users?
While fingerprint technology is becoming more widely available, there are still a large number of Android devices that aren’t built with fingerprint sensors. Despite this fact, 33% of Bank of America’s 20 million mobile banking customers have started using a fingertip to get into their banking accounts, which is significant when compared to the number of mobile devices with biometric capabilities. Biometric technology is now more sophisticated and readily available as the success in other industries such as retail and mobile payments are paving the way for the slow-to-adopt financial industry.
Is It a Cost-Effective Solution?
Implementing biometric authentication, particularly a fingerprint scan, reduces financial losses from being compromised by weak password management. In a survey of more than 3,900 companies worldwide by Kaspersky Lab, it was found that the cost of lost financial data ranged anywhere from US $66,000 to $938,000 per organization, depending on the size. Implementing a biometric security method can prevent such incidents from occurring and save on financial losses resulting from data security breaches.
Pushing Biometrics to Mainstream
While biometric authentication provides many benefits, there are still many skeptics unwilling to adopt this new technology. This is because it faces threats such as storage issues and privacy concerns, much like any other security method. But after Apple released the iPhone 5S with a fingerprint sensor, consumers have become more comfortable with the concept of biometric authentication. Fingerprints now have become a mainstream alternative to PINs or passwords. Furthermore, Apple’s newest launch of the MacBook Pro’s Magic Toolbar has taken a bold and innovative step in easing the worries of mobile users. Apple’s innovation is sure to pioneer further growth in the biometric security industry, particularly in the mobile banking industry. Apple has also opened its Touch ID authentication technology to third-party developers, which has enabled mobile providers all over the world to use the feature for their own user security.
Biometrics for the Masses
One of the greatest aspects about Apple’s Touch ID fingerprint scanner is that it’s bringing a cost-effective and reliable biometric mobile security element into direct contact with millions of users worldwide. Apple’s resurgence of biometrics into the digital security landscape facilitates a conversation that is getting users more excited to use mobile biometrics for their everyday tasks such as transferring funds or paying bills.
With the vulnerability of PINs and passwords, we can’t rely on this conventional security method much longer. Security must rely on what the user is (physical traits) rather than what they know (passwords and PINs), to reduce stolen, copied, and hacked accounts. As even more banks and financial institutions are becoming aligned with biometric technology for security innovation, we’ll begin to see a significant shift away from conventional methods of security.