Banking on the future with biometric innovation

Cybercriminals make billions of dollars each year preying on naïve users and vulnerable businesses. Individual attackers, criminal bands, and state actors seldom rest on their laurels; greed drives them to constantly improve their attack strategies. That’s why it is incumbent upon companies to engage in an arms race with the bad guys and stay ahead of the evolution of cybercrime. Hackers are constantly probing vulnerabilities to evade current security practices, and companies need to innovate to make sure they are always one step ahead of the fraud attacks that aim to steal money from customer accounts.

One of the most promising tools in the fraud security arsenal is biometric authentication technology. Biometric authentication uses the unique physical characteristics of a person to confirm that they are who they say they are, and is being increasingly used to confirm online purchases, payments, and bank transactions.

Biometrics are poised to change online banking and ecommerce in the following ways.

The decline of the password and other legacy factors

The password is the first line of defence for banks and companies that do business online, but it has always been an imperfect anti-fraud approach. Passwords can be circumvented by phishing attacks in a process known as ‘social engineering’ – a fancy term for tricking the end user into divulging their login credentials to cybercriminals. There is another problem: with their multiple bank accounts, email accounts, and numerous online retailer and social media accounts, the modern internet user has to memorize the passwords of up to 92 accounts on average. Biometrics promises to remove the need for memorizing multiple passwords and the unsafe practice it breeds – password recycling – which can leave users vulnerable to having their accounts hacked.

The password will be joined in obsolescence by other old and outdated authentication methods, such as SMS-delivered one-time passwords, which are unencrypted and prone to interception. The US National Institute of Standards and Technology (NIST), a division of the Department of Commerce that creates national guidelines for secure electronic communications, declared SMS authentication as too risky in 2016, saying that it should be replaced with other, more dependable authentication methods. Biometrics removes the need to depend on mobile telecommunications networks that operate outside the perimeter of a bank’s cybersecurity controls.

Remember those bank-issued random-number-generating tokens commonly used as a key ring a decade ago, which displayed a number that was then used to verify a transaction? Those key fobs were compromised various times in large-scale phishing attacks where cybercriminals simply intercepted the numbers they generated in addition to capturing user passwords. Bank customers were also unable to perform any transactions when those tiny tokens were lost or stolen, which obligated financial institutions to bear the cost of reissuing new ones. Fortunately, biometric authentication doesn’t require users to memorize complex passwords or carry something around with them everywhere they go.

Less friction, more convenience with mobile authentication

Customers want security, but if they have to jump through too many hoops to get a security solution, they won’t adopt it. There is a balance that needs to be struck between highly secure transactions and a low-friction user experience. There will never be a truly friction-free online financial activity that is also completely secure, but bank transactions and ecommerce can be protected with biometric authentication methods that are easy for customers to integrate into their banking routines.

Customers are already accustomed to carrying their smartphone wherever they go, and most new models have the technology to enable biometric authentication: fingerprint scanners, voice recorders, and cameras make biometric authentication easy for customers to perform. For example, customers can receive a message through their banking application asking if they would like to confirm a recent transaction, and then apply their fingerprint to the scanner on the phone to verify the activity.

It is not just cybercrime that is compelling banks to modernize security: the financial industry is on the cusp of massive disruption, and institutions must innovate to keep business humming. Customers who know they are protected by simple, hassle-free authentication feel more secure, perform more transactions, and use more digital services, which has the pleasant side-effect of helping banks make more money.

The same biometric authentication technology that can make transactions more secure can also lead to innovation in how banks deliver financial services to customers, leading to product offerings that better reflect the way customers use mobile devices as their primary access point for navigating through a wide variety of life events.

About Mark Kennedy

Mark Kennedy is a fraud security industry observer, researcher, analyst and marketing writer at Easy Solutions, a Cyxtera business. His principal areas of anti-fraud industry coverage include public policy in the digital space, the evolution of cybercrime, and the technology developed to stop account takeover attacks. The Canadian national is based out of the company’s Bogota, Colombia office.

About Easy Solutions

Easy Solutions, a Cyxtera business, is a leading security vendor focused on the comprehensive detection and prevention of electronic fraud across all devices, channels and clouds. Our products range from anti-phishing and secure browsing to multi-factor authentication and transaction anomaly detection, offering a one-stop shop for multiple fraud prevention services.