A report from Visa says that UK residents are nearly twice as likely to trust banks to keep biometric data such as fingerprints and iris scans safe.
It also revealed that nearly two thirds of us say the British are willing to use biometrics as a method of authentication.
So does biometric authentication for banking offer a safer alternative to pin numbers and passwords?
If you’ve seen one of the many demonstrations over the last year of spoof fingerprints made from Plasticine you might not be quite so quick to adopt it as a primary authentication method.
Barclays, Visa and MasterCard are all offering the technology when it comes to authenticating financial transactions.
The MasterCard system went live in the UK earlier this year. Barclays was just a month ago.
>See also: Privacy and authentication in the Internet of Things
Consumers are able to complete an online purchase without the need for PIN codes, passwords of confirmation codes.
Instead, they can opt to download an application to their PC, tablet or smartphone and opt to take a ‘selfie’ picture (MasterCard) which is mapped against a stored image on file to allow payment or use voice recognition (Barclays).
These are the first of a number of biometric services designed to improve identity verification for mobile phone payments and other wearable devices.
Iris scanning will also be coming to a Samsung Galaxy near you pretty soon to. Samsung Pay says users will be able to use it as a means to authenticate credit card transactions and eliminate fraud.
Speed, simplicity and security for consumers wanting to take advantage of the convenience of mobile payments.
For Visa and MasterCard, it has the potential to reduce the number of false declines that cost them dearly: in the past year, the value of false declines has hit $118 billion per annum – more than 13 times the total amount lost annually to card fraud. Removing barriers to purchase increases conversion rates.
>See also: Think before you speak: voice recognition replacing the password
What’s more, every time a user loses their password or PIN, it’s a cumbersome process for card issuers to manage.
However, whilst the benefits are obvious, the question still remains, are people too trusting of these new biometric technologies?
After all, there’s no margin for error here. Surely a password can be changed, but a face, fingerprint or voice isn’t so easy to change if that data is breached and replicated. But this technology needs to be completely secure and tested before it is rolled out.
Security experts have already expressed concerns that it might be easy to spoof the systems – which after all – are delivered to consumers via an app. Others have highlighted that facial scans and fingerprint sensors can be compromised.
As an industry, watertight methods of storing this data securely must be implemented before playing with people’s identities.
User devices are notoriously prone to penetration by cyber criminals – whether that’s as a result of users adapting their devices or overriding device security parameters, or using unsecured public WiFi when transacting online, which means biometric data will need to be encrypted to ensure it cannot be stolen – otherwise it opens a whole new vector for identity theft.
What’s more, rigorous PCI standards already exist to protect users and merchants, especially where liability is concerned should things go wrong. What’s not clear in this scenario is whether liability will shift – and who too.
Quite simply, it’s new territory.
>See also: 5 cyber security concerns in Back to the Future II
In May 2018, just around the corner, the EU’s new General Data Protection Regulation (GDPR) brings with it punishing requirements when it comes to sensitive personal data like biometric data – fingerprints, facial recognition, retinal scans and so forth – which must be afforded ‘enhanced’ protection.
This has significant implications for organisations, triggering the need for an organisational Data Protection Impact Assessment if biometric data is processed on a large scale.
Consumer appetite for the simplicity of biometric authentication is here. The aim is to ensure that the security technologies it is based on are bulletproof.
If handled right, biometric data could pave the way for a more secure, easier way for consumers to transact online. It could hopefully, eventually eliminate fraud for all.
But who wants their personal finances to the testing ground for these new technologies when simple issues like liability have not yet been fully established?
Sourced by André Malinowski, head of international business at Computop