17 August 2017

Alex Noble

Alex Noble - McAfee

53Posts 278,829Views 21Comments
A post relating to this item from Finextra:

Bank Leumi introduces biometric password re-sets for online banking

17 December 2009  |  10985 views  |  2
3338.jpg
Israel's Bank Leumi is introducing a password re-set feature for online banking customers that is operated by voice biometrics.

Biometrics, cost and password resets

05 January 2010  |  5638 views  |  0

An interesting story about Bank Leumi on Finextra just before Christmas.  It seems that Bank Leumi will be using voice biometrics for password re-sets for online banking. There are a couple of interesting things about this. The first is that password re-sets are an absolute pain for helpdesks and similar types of contact centre. Depending on whether this is an internal helpdesk for an organisation or an external facing one, password re-sets can be anything from 50%-70% of the call traffic.

The two follow on problems from this call volume are that password re-set is an expensive thing for IT technicians to be spending most of their time on and that they represent a significant potential security risk. It is this security risk that is the other area of interest. Passwords authenticate you based on what you know, not who you are. Re-setting a password changes that, as it potentially makes the password available to an identity thief. The blog has covered a number of examples of identity theft (this theft from Barclays in 2008 using the identity of Barclays own chairman being a particular case in point) and the vulnerability is obvious.  

In theory, biometrics removes some of this risk as it is focused on who you are and not on what you know. In practice things are not so straight forward and this is partly why biometic adoption has been more limited than might be expected. For more detail on the limitations, here's been some good posts on Finextra see "Biometrics - what's that all about then?" by Dave Griffiths and "Who's in your Wallet?" by Jarvis Kandik from 2008.  

In Europe I've tended to see biometric deployments mostly for internal password re-sets. A good example that I know of is AIB and VoiceVault who have piloted password resets for staff. The key thing here is that the staff are in a controlled, secure environment and so the biometrics is effectively only one part of a multi-factor and multi-layer authentication. This is what makes the Bank Leumi example so interesting. I haven't before seen biometrics used directly for consumer authentication for something as sensitive as banking.  I have seen quite widespread use of biometrics outside of Europe and the US and especially for areas like welfare benefits. I got a fair amount of comment to my blog post "BBC Moneybox on Speech Recognition for banking " back in February with examples of biometrics in use from the Philippines (interstingly using PerSay, as does Bank Leumi).


Depending on how the Bank Leumi deployment goes, I may need to revise my last post on the subject "Where are Speech Biometrics in Europe?..... and the Your Call Blog "....!

TagsSecurityRetail banking

Comments: (0)

Comment on this story (membership required)

Latest posts from Alex

Identity, verification and blockchains

08 November 2016  |  8686 views  |  0 comments | recomends Recommends 1 TagsBlockchainInnovationGroupInnovation in Financial Services

Law, territory and the Blockchain in Financial Services

20 November 2015  |  3139 views  |  0 comments | recomends Recommends 0 TagsBlockchainInnovationGroupInnovation in Financial Services

How UK payments were changed by London Transport

17 September 2015  |  3707 views  |  1 comments | recomends Recommends 0 TagsPaymentsRetail bankingGroupInnovation in Financial Services

Alex's profile

job title Account Director
location London
member since 2008
Summary profile See full profile »
I specialise in solutions for complex banking processes. Current areas I'm working on include Security, contact centre, improving compliance and digital transformation. Previously, I've worked...

Alex's expertise

Member since 2008
53 posts21 comments

Who's commenting on Alex's posts