Current financial transaction methods have their limitations, exemplified by the typical £100 contactless transaction limit to prevent extensive fraud, and even risks, such as ATM skimming for PIN thefts.  

Cyberattacks went up 600% due to the COVID-19 pandemic and financial institutions and their customers were undoubtedly priority targets for identity theft, the most common type of financial fraud. 

With 67% of financial institutions reporting an increase in cyberattacks for 2021 and 79% of financial CISOs stating that threat actors are deploying more sophisticated attacks, the race is on for businesses to stay ahead of hackers and invest in technologies to safeguard both internal and customer data privacy.   

In a digital society, where elevated customer experiences are the new normal, people expect their payments to not only be safe but also easy and convenient.

When linked to biometric data, transactions, as well as other pain points for financial services such as lengthy onboarding and account verification, become swift, comprehensive, and exponentially more secure.   

A journey in trust  

Biometric technology’s first forays into the identity verification scene were not without their own set of security and privacy challenges. Back then, some of these technologies proved to be easily hackable, especially facial recognition which could be duped by deep-fakes, 3D printed reconstructions and even photographs of users. Strides made in “liveness” AI algorithms alone now paint a vastly different picture for the security and reliability of biometric authentication, providing 100% secure authentication.   

Beyond this, developments in the space are opening up new and innovative avenues for the most common applications of biometric authentication, one of the largest being finance as we have seen from Mastercard’s recent “smile to pay” biometric payments enablement.   

Fully automated identity verification engines have been advanced in the most crucial areas for financial institutions: privacy, to remain compliant with rapidly evolving government regulations; customer experience, to rapidly enrol customers, and security; to reduce fraud and avoid financial losses.   

At the core of an iconic digital identity verification solution, is the capacity to “orchestrate” multiple dynamic data sets to not only detect and deter fraud, but also to deliver a customer experience, which reduces online friction, converts more applicants to customers, and increases retention rates.  

This also extends beyond initially considered use cases to a growing variety of industries, further validating the increasing trust being instilled in these systems. Face ID is no longer just for iPhones but is being implemented in hospitality for hotel check-in, customised personal experiences and room service payments, all without the need for a physical card.  

Why passwords are more problematic than protective  

It is not entirely unreasonable for organisations to have a fear of the unknown when comes to implementing biometric authentication, and for their customers who are expected to use it. However, where digital identity authentication has been subject to suspicion of data theft and privacy breaches, we must also acknowledge the gravity of the risks associated with passwords and PINs.  

In 2021, 92% of LinkedIn’s users’ data was exposed and sold on the dark web in a breach widely reported as a result of weak passwords, with over 700,000 profiles found to be unlocked with a painfully simple “123456”.   

As we move at a rapidly escalating rate towards a cashless and contactless society, passwords and PINs are not only leaving individual security in the hands of human error but are nearing obsoletion. A worrying 59% of IT security respondents report that their organisation relies on human memory to manage passwords. When left to individuals to create and remember dozens, if not hundreds, of passwords, the likelihood of resorting to easily remembered but weak passwords skyrockets – along with their susceptibility to brute-force cracking by hackers.   

Keeping track of changing passcodes, PINs, and security questions is time-consuming, less secure, and less convenient than in-depth biometric identity verification and authentication. Particularly social engineering scams, a key driver of fraud losses, rely on victims handing over personal details and passwords. This is circumvented when that information is replaced with biometric authentication. 

We do see a convergence between the two where apps use biometrics to unlock a secure password store within the device. However, this typically does not offer added security but serves the purpose of convenience. When the security burden is placed on passwords in our modern cyber-sophisticated age, users are left highly vulnerable to breaches and data theft.   

Identity verification solutions need to balance risk with modern digital consumer needs and expectations. Biometrics as the primary or sole means of verification takes the onus of authentication away from the user, whilst maintaining the elevated levels of security that people and organisations expect from financial transactions.  

One identity everywhere  

As financial fraud becomes more pervasive and elaborate, and people become more focused on ensuring their privacy, creating a world of trust is pivotal, not only for identity verification, but also for the future of payments. The positive impact that AI and biometrics can have will be substantially limited if there is a lack of trust in how the technology is used. Users need to be sure that privacy is a top priority, and that their data is safe from theft or exploitation.   

With AI technology, we can create a smooth, secure, and privacy-enabled identity verification process in which people themselves will be the only documentation needed to verify their identity, an approach central to Incode’s “One Identity Everywhere” future. As consumers, retailers and institutions alike adjust to constant digital innovation, the gold standard in the future of payments will be both frictionless and secure, and where data privacy is absolute. 

About the author: Ricardo Amper is CEO & Founder of Incode.