The world of banking is changing. The financial industry is now leading the way with innovative products to ensure engagement stays high and loyal customers don’t sway. The sector’s determination to innovate has allowed for ground breaking technologies, such as biometrics, to enter the mainstream.
Some may dismiss fingerprint or selfie logins as gimmicks. In reality, as we become accustomed to using them on a daily basis, we are seeing a shift in attitude towards online security.
Biometrics headlines – why now?
In the past couple of years, we have seen both hardware and software manufacturers look to biometrics as a solution to growing security threats. Since Apple’s launch of TouchID and the Samsung fingerprint scanner, accessing our personal information using our body as a form of authentication has become the norm.
Biometrics Research Group has predicted that the technology will generate approximately US$9 billion worth of revenue by 2018 for the biometrics industry.
The recent interest in biometrics is also down to high street banks introducing biometrics to secure their product offering. The industry has faced huge competitive pressure from FinTech companies which seemed to be offering the same service with more ease.
To step up their game, we have seen many high street banks introducing security measures that five years ago consumers would have never even heard of.
To give some examples, Nationwide has launched behavioural biometrics for its customers in the UK, adding a whole new level to a ‘personalised customer experience’. HSBC is offering voice recognition, and MasterCard has stated that it will launch selfie authentication.
These launches are encouraging consumers to consider other security measures, away from the traditional password.
In short, not having to remember passwords and usernames will make consumers’ lives easier. You don’t need to be a marketing genius to guess that soon enough most consumers will jump at the chance of using biometrics instead of having to constantly reinvent 'password123.'
Biometrics for business
Finding enterprise level security solutions that fit with consumer behaviour is often high on the agenda, and biometrics can bring major benefits for businesses.
Compared to the current reliance of transferable credentials such as cryptographic keys and passwords, biometrics are an ideal solution for many businesses, as they can’t be alienated from the intended person that is granted access to a particular system or device.
Biometrics can provide better fraud detection, better identity management and improved internal controls, which means that along the line businesses encounter improved trust from their customers.
However, we need to remember that there is no security silver bullet. Instead, we have to take the attitude of strength by numbers or in this case strength by factors of authentication. An example would be the combination of a cryptographic key, reasonably strong authentication vector and biometric technology.
Of course, we can add more factors of authentication to the list. However in the process of trying to be unbeatable, it often comes at the expense of the user. They often end up resorting to their original insecure security measures just for the convenience.
User experience vs security
Changing consumer behaviour creates unprecedented challenges for the security industry. An adaptive authentication system, which caters to context and the risks, is key to finding that perfect combination between the user experience and security.
For example, if you are making a high value transfer on your online banking in a public space on a potentially insecure free Wi-Fi, it is best to introduce a stronger authentication vector.
However, if you fancy scrolling through your friend's Instagram holiday pictures in front of Gogglebox one evening, it is safe to say it wouldn’t be necessary to introduce another layer of security.
The biometrics trials in high street banks we have seen this year are a reflection of the public’s changing perception of biometric technology. This presents an opportunity for security professionals to at last achieve the ideal balance between security and a smoother user experience.
It will be exciting seeing the outcome of the initiatives at Nationwide and HSBC, as long as they and other organisations do not take the naïve route of assuming one technology solves all. You may find yourself trying to get you – and your company – out of hot water.
Sourced from Paco Garcia, CTO, Yoti