16 December 2017
Paul Dignan

80528

Paul Dignan - F5 Networks

4Posts 29,923Views 0Comments
Information Security

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...

Are we safe to bank on biometrics?

08 September 2017  |  14183 views  |  0

For financial institutions, the primary goal of digitisation is making banking simpler and more intuitive for customers. Biometric identification has huge potential, offering convenience, simplifying password management and providing a frictionless authentication process. However, combining the desire for ease of use with the need to improve security is a difficult balancing act. With biometrics in banking rapidly gaining momentum, it is equally becoming an area of great interest for cybercriminals, meaning the security of the apps and systems that support these mechanisms is more critical than ever.

Biometrics offer an exciting new frontier in security, with the global biometric system market expected to reach an estimated $32.4 billion by 2022. From TouchID to iris scanning, and facial to voice recognition technology, consumer demand for biometric authentication is increasing, with research from Equifax showing half of the people would prefer to use a biometric security method over traditional options, such as passwords, to log into financial accounts online.

Many financial institutions have already put the technology to use. Wells Fargo began offering revolutionary eye-recognition technology as a security measure for corporate customers in 2016, and financial services company USAA has been offering users the option to log in using face and voice recognition technology since the beginning of 2015. Voice recognition technology has also been employed by Citi, Barclays and HSBC to verify customer identity when phoning a customer service line and Santander has started trialling a voice-based chat in their standalone app, SmartBank.

Is biometrics a fool proof way to keep hackers at bay?

Despite their potential, biometric-based authentication is not failsafe and poses its own security challenges. The unique nature of biometric verification, and the fact that the digitised record is stored and encrypted locally in a secure portion of your device, does make the data better protected than traditional verification methods. However, the risks surrounding this type of data are greater. Unique, permanent biological identifiers can’t be changed or replaced in the event of a breach, so they are very dangerous if they end up in the wrong hands.

The risk of a criminal stealing your eyeball (à la Tom Cruise in Minority Report) is mere science fiction fantasy; the real risk is the chance that a hacker could gain access to the digitised record of biometric data. The National Fraud Authority estimates that £3.3 billion is currently lost through identity crimes each year. Imagine how this could increase if hackers could access biometric data.

What’s the key to protecting biometric credentials?

Although biometrics offer an extremely strong alternative to traditional authentication methods, such as passwords and PINs, there is no such thing as 100 percent security, but having multiple gatekeepers in place can fortify the security of apps and systems. The more different proofs of identity required through separate routes, the more difficult it becomes for a cybercriminal to steal a consumer’s identity or to impersonate them.

As technologies progress, machine learning offers the potential to help banks authenticate users based on multiple assessments, including behaviour, appearance, voice and even the speed at which they type. With such capabilities, a user’s device can constantly calculate a trust score that the user is who they claim to be. According to Deloitte, together these factors are 10 times safer than fingerprints and 100 times safer than four-digit PINs.

Furthermore, solutions are being developed to solve the issue of biometric records being re-used when stolen. For example, a new approach is to split the biometric information between the user’s device and the data centre storage, meaning that if one is compromised, the hacker will not have all the information needed to gain verification.

How will biometric security continue to evolve?

New techniques are emerging that remedy some of the typical challenges associated with biometric solutions, including a lack of capability on the user device and verification failure (facial recognition is prone to problems with lighting conditions). Regardless of the challenges, biometric technology provides organisations with another layer of defence against cyber criminals while simultaneously streamlining the customer experience. This has been successfully adopted by many financial institutions, with great promise to further transform digital banking.

As our lives move progressively online, the level of personal data stored by organisations, the stakes are becoming higher for businesses to ensure consumers’ data is fully protected. At the same time, lucrative areas, such as digital banking, are at the top of cybercriminals target lists. Even with the higher level of security that biometrics promise, having multiple gatekeepers in place is the only way to guarantee the highest level of security.

TagsSecurityRetail banking

Comments: (0)

Comment on this story (membership required)

Latest posts from Paul

Are we safe to bank on biometrics?

08 September 2017  |  14183 views  |  0 comments | recomends Recommends 0 TagsSecurityRetail bankingGroupInformation Security

How intelligent apps are shaping the future of finance

13 July 2017  |  8934 views  |  0 comments | recomends Recommends 0 TagsMobile & onlineInnovation

Why financial institutions can take the fight to cybercriminals

22 September 2016  |  3832 views  |  0 comments | recomends Recommends 0 TagsSecurity

Dealing with Dridex - protecting end-users from new strains of malware

13 January 2016  |  2975 views  |  0 comments | recomends Recommends 0 TagsSecurity

Paul's profile

job title Global Technical Account Manager
location London
member since 2015
Summary profile See full profile »

Paul's expertise

Member since 2015
2 posts0 comments
What Paul reads

Who's commenting on Paul's posts

Eli Talmor