An article relating to this blog post on Finextra:
Bank Leumi introduces biometric password re-sets for online banking
Israel's Bank Leumi is introducing a password re-set feature for online banking customers that is operated by voice biometrics.
An interesting story about
Bank Leumi on Finextra just before Christmas. It seems that Bank Leumi will be using voice biometrics for password re-sets for online banking. There are a couple of interesting things about this. The first is that password re-sets are an absolute pain
for helpdesks and similar types of contact centre. Depending on whether this is an internal helpdesk for an organisation or an external facing one, password re-sets can be anything from 50%-70% of the call traffic.
The two follow on problems from this call volume are that password re-set is an expensive thing for IT technicians to be spending most of their time on and that they represent a significant potential security risk. It is this security risk that is the other
area of interest. Passwords authenticate you based on what you know, not who you are. Re-setting a password changes that, as it potentially makes the password available to an identity thief. The blog has covered a number of examples of identity theft (this
theft from Barclays in 2008 using the identity of Barclays own chairman being a particular case in point) and the vulnerability is obvious.
In theory, biometrics removes some of this risk as it is focused on who you are and not on what you know. In practice things are not so straight forward and this is partly why biometic adoption has been more limited than might be expected. For more detail
on the limitations, here's been some good posts on Finextra see "Biometrics - what's that all about then?" by Dave Griffiths and "Who's
in your Wallet?" by Jarvis Kandik from 2008.
In Europe I've tended to see biometric deployments mostly for internal password re-sets. A good example that I know of is AIB and VoiceVault who have piloted password resets for staff. The key thing here is that the staff are in a controlled, secure environment
and so the biometrics is effectively only one part of a multi-factor and multi-layer authentication. This is what makes the Bank Leumi example so interesting. I haven't before seen biometrics used directly for consumer authentication for something as sensitive
as banking. I have seen quite widespread use of biometrics outside of Europe and the US and especially for areas like welfare benefits. I got a fair amount of comment to my blog post "BBC
Moneybox on Speech Recognition for banking " back in February with
examples of biometrics in use from the Philippines (interstingly using PerSay, as does Bank Leumi).
Depending on how the Bank Leumi deployment goes, I may need to revise my last post on the subject "Where are Speech
Biometrics in Europe?..... and the Your Call Blog "....!