finance
monthly
Personal Finance. Money. Investing.
Contribute
Newsletter
Corporate

Current financial transaction methods have their limitations, exemplified by the typical £100 contactless transaction limit to prevent extensive fraud, and even risks, such as ATM skimming for PIN thefts.  

Cyberattacks went up 600% due to the COVID-19 pandemic and financial institutions and their customers were undoubtedly priority targets for identity theft, the most common type of financial fraud. 

With 67% of financial institutions reporting an increase in cyberattacks for 2021 and 79% of financial CISOs stating that threat actors are deploying more sophisticated attacks, the race is on for businesses to stay ahead of hackers and invest in technologies to safeguard both internal and customer data privacy.   

In a digital society, where elevated customer experiences are the new normal, people expect their payments to not only be safe but also easy and convenient.

When linked to biometric data, transactions, as well as other pain points for financial services such as lengthy onboarding and account verification, become swift, comprehensive, and exponentially more secure.   

A journey in trust  

Biometric technology’s first forays into the identity verification scene were not without their own set of security and privacy challenges. Back then, some of these technologies proved to be easily hackable, especially facial recognition which could be duped by deep-fakes, 3D printed reconstructions and even photographs of users. Strides made in “liveness” AI algorithms alone now paint a vastly different picture for the security and reliability of biometric authentication, providing 100% secure authentication.   

Beyond this, developments in the space are opening up new and innovative avenues for the most common applications of biometric authentication, one of the largest being finance as we have seen from Mastercard’s recent “smile to pay” biometric payments enablement.   

Fully automated identity verification engines have been advanced in the most crucial areas for financial institutions: privacy, to remain compliant with rapidly evolving government regulations; customer experience, to rapidly enrol customers, and security; to reduce fraud and avoid financial losses.   

At the core of an iconic digital identity verification solution, is the capacity to “orchestrate” multiple dynamic data sets to not only detect and deter fraud, but also to deliver a customer experience, which reduces online friction, converts more applicants to customers, and increases retention rates.  

This also extends beyond initially considered use cases to a growing variety of industries, further validating the increasing trust being instilled in these systems. Face ID is no longer just for iPhones but is being implemented in hospitality for hotel check-in, customised personal experiences and room service payments, all without the need for a physical card.  

Why passwords are more problematic than protective  

It is not entirely unreasonable for organisations to have a fear of the unknown when comes to implementing biometric authentication, and for their customers who are expected to use it. However, where digital identity authentication has been subject to suspicion of data theft and privacy breaches, we must also acknowledge the gravity of the risks associated with passwords and PINs.  

In 2021, 92% of LinkedIn’s users’ data was exposed and sold on the dark web in a breach widely reported as a result of weak passwords, with over 700,000 profiles found to be unlocked with a painfully simple “123456”.   

As we move at a rapidly escalating rate towards a cashless and contactless society, passwords and PINs are not only leaving individual security in the hands of human error but are nearing obsoletion. A worrying 59% of IT security respondents report that their organisation relies on human memory to manage passwords. When left to individuals to create and remember dozens, if not hundreds, of passwords, the likelihood of resorting to easily remembered but weak passwords skyrockets – along with their susceptibility to brute-force cracking by hackers.   

Keeping track of changing passcodes, PINs, and security questions is time-consuming, less secure, and less convenient than in-depth biometric identity verification and authentication. Particularly social engineering scams, a key driver of fraud losses, rely on victims handing over personal details and passwords. This is circumvented when that information is replaced with biometric authentication. 

We do see a convergence between the two where apps use biometrics to unlock a secure password store within the device. However, this typically does not offer added security but serves the purpose of convenience. When the security burden is placed on passwords in our modern cyber-sophisticated age, users are left highly vulnerable to breaches and data theft.   

Identity verification solutions need to balance risk with modern digital consumer needs and expectations. Biometrics as the primary or sole means of verification takes the onus of authentication away from the user, whilst maintaining the elevated levels of security that people and organisations expect from financial transactions.  

One identity everywhere  

As financial fraud becomes more pervasive and elaborate, and people become more focused on ensuring their privacy, creating a world of trust is pivotal, not only for identity verification, but also for the future of payments. The positive impact that AI and biometrics can have will be substantially limited if there is a lack of trust in how the technology is used. Users need to be sure that privacy is a top priority, and that their data is safe from theft or exploitation.   

With AI technology, we can create a smooth, secure, and privacy-enabled identity verification process in which people themselves will be the only documentation needed to verify their identity, an approach central to Incode’s “One Identity Everywhere” future. As consumers, retailers and institutions alike adjust to constant digital innovation, the gold standard in the future of payments will be both frictionless and secure, and where data privacy is absolute. 

About the author: Ricardo Amper is CEO & Founder of Incode.  

[ymal]

A new bar called AI Bar has a system that registers customers’ faces. It then lets the barman know which customer is next in line. You can use your fingerprint to unlock your phone. And many high-security offices now use a person’s body movements to determine their identity.

These systems have become so refined that critical identity verification moments don’t even get registered by the user's awareness. When you register yourself for a service, your face and eyes are matched with other data points you supply. Government-issued IDs like driving licenses and passports are matched with the biometric data that you have submitted.  If the match is successful, the system knows the customer is who they say they are. This entire seamless process can take as little as 8 seconds. Read on to find out more about the level of security biometrics offers.

What Exactly Is Biometrics?

Biometrics are slowly replacing traditional passwords and access keys everywhere. Biometrics can identify the unique physical qualities of a person. Facial features, the iris, fingerprints, and the retina are all such physical attributes. The Somali Army and Indian doctors have already adopted this technology at a state level. You have a piece of this technology in your pocket. Your smartphone can use biometrics to authenticate you into your bank account.

There are biometric technologies that can even peek underneath your skin. It can recognise the pattern of veins in your palm. When blood is deprived of oxygen in veins, it absorbs more infrared light than other tissues surrounding it. That is how your vein pattern can be recorded. New cutting-edge technology being developed allows a system to recognise a person based on their heartbeat. And you can even be recognised by your brainwaves.

So Is This A Goodbye To Passwords?

Fingerprints vs Passwords

Using biometrics is certainly more convenient. You simply touch a scanner with your finger, and you are in. It is a lot easier than typing in a password letter by letter. Passwords can also be weak, and they can be prone to hacking. They also happen to be out of date. However, password-protected systems are far easier to implement than biometrics. 

Facial Recognition vs Passwords

It all boils down to economics. The more data points that a system can log from your face, the more accurate your biometric profile will be. The level of security of the system will completely depend on its implementation. Thus, with more sensors, the system becomes more secure.

Iris Scanning vs Passwords

All these systems, whether fingerprints, facial recognition, or iris scanning, are similar. They all check for a single unique feature in a person. On the other hand, a password needs to be in your memory. You can’t just make a note of it and keep it somewhere because someone might find it. Furthermore, anyone who has your password can assume your identity. Thus, the future lies in multi-factor authentication. The most widely adopted systems will be those that users find the easiest to work with.

How Safe Is Your Biometric Data?

The responsibility of keeping your data secure rests with the company. In the ideal scenario, all biometric data is kept on the user’s device and not in the cloud. It makes things a lot harder to hack into. This practice is, however, not always followed.

A team of Israeli researchers hacked into a system with the biometrics of over 1 million individuals. They could gain access to 23 GB of data with 27 million unique data points. This set of data contained fingerprints, facial profiles, etc.

But password-based systems are also prone to hacking. Passwords can be stolen, and someone can watch you enter them, which isn’t possible with biometrics. Unfortunately, hackers have been quite successful in beating biometric systems. And unlike passwords, you can’t change your biometrics once they are compromised. Under lab conditions, hacking biometrics is possible.

An iPhone fingerprint scanner can be fooled by a fingerprint impression from a piece of glass. A Samsung phone's iris scanner can be fooled by using a contact lens. A computer club in Germany could bypass a palm vein scanner using a wax hand. A Chinese group was able to beat Apple’s face ID using a pair of regular glasses and tape.

As you can see, biometrics are not perfect yet. However, it all depends on the number of sensors in use and the economics. The more elaborate a system becomes, the more secure it becomes.

Here David Orme, SVP at IDEX Biometrics ASA, discusses with Finance Monthly how Gen Z is set to chat the face of modern banking, as well as how banks can address fraud and security challenges and the role of biometrics in combatting fraud.

Consumers in Generation Z (those born after 1995) are the biggest market disrupters right now. They are predicted to make up 40% of all consumers by 2020, and will account for 32% of the global population overtaking millennials (31.5%, born between 1980-1994). As this generation’s spending power grows, they will change the consumer world in many ways.

Now, Generation Z looks set to transform the face of modern banking too. Our recent research into Generation Z’s attitudes towards banking and online security and biometrics found that nearly eight-in-ten (79%) 16-24-year olds think banks should do more to protect their customers from fraud.

Additionally, the youngest consumers in our study were 16-17-year olds, the target age for many new banking customers. Of this age group, a huge 95% think banks should be increasing fraud protection for their customers.

Why is Generation Z so concerned about fraud?

Having grown up around the threat of cybercrime, those in Generation Z are more aware of the risks of fraud than the more security-lax millennials (born between 1981 and 1994). Our research found that nearly three-quarters (74%) of 16-24-year olds believe it is too easy to find someone’s personal information online nowadays. Also, more than half (52%) of Generation Z are worried about someone stealing their identity.

I recently observed a focus group of 18-24-year olds to support our research and noticed a high level of awareness about banking and online security from the respondents. Interestingly, many of the young consumers showed they don’t just jump to install the latest banking apps simply because they are new or cool. They are thoughtful with their consumer decisions and assess how well services or technologies fit their security and financial needs first.

One respondent, Nikki, who is 24 and from London, stood out for rejecting mobile payment apps, the opposite of the perceived image of someone in Gen Z: “I only use my bank card to pay for things,” she said. “I deliberately keep my phone separate because I don’t want spending money to be too convenient.”

The security challenge

Like Nikki, many Generation Z consumers are more cautious while banking or shopping than retailers and banks often believe. The research shows that, far from being over-sharers of their personal information, more than three-quarters (76%) of Generation Z accept that it’s their responsibility to look after their data and keep their identity safe. In return, these consumers expect their banks and service providers to work just as hard to deliver a high level of protection for them.

Although new challenger banks, such as Monzo and Starling, are growing rapidly among young consumers, that doesn’t mean Generation Z trust them more when it comes to security than the high street giants. Michael, a 19-year-old student from London also in the focus group, summed up the care with which Generation Z approach digital banks: “I feel the online banks have to push up their security because there’s no physical presence,” he said. “So they’ve got to be more secure to be on top of their game.”

Although new challenger banks, such as Monzo and Starling, are growing rapidly among young consumers, that doesn’t mean Generation Z trust them more when it comes to security than the high street giants.

Our study also reveals a wider lack of confidence in all banks, as only half of Generation Z shoppers (54%) are certain that their bank would refund them any losses if someone fraudulently accessed their bank account and stole any amount of money. The new generation of banking customers expect greater security and responsibility from high street banks, which in turn is driving their consumer choices.

The biometric banking solution

The findings also show that Generation Z wants to see banks adopting new technology to combat card and online fraud. Nearly two-thirds of them (62%) think all banks should offer biometric payment cards to help reduce fraud.

Additionally, nearly half (45%) of Generation Z can’t believe credit and debit cards don’t already use biometrics for payment and ID security. Again, this is even higher among 16-17-year olds, with nearly two-thirds (63%) of them expecting banks to already use biometrics for payment card security. As high street banks often thrive on signing-up new customers while they are young, appealing to this new generation of consumers is vital for the industry.

[ymal]

Therefore, financial institutions must now add biometric technology to the payment card market to attract young and potentially loyal customers. In fact, nearly half of those in Generation Z (46%) would choose a bank that offered biometric payment cards over one that didn’t.

Most importantly, Generation Z consumers are willing to pay for added security as two-in-five (43%) would expect to pay a little more for a biometric payment card, with a third (33%) willing to pay between £3-5 per month for it.

Banks need to act now

While many traditional banks have been slow to respond to the needs of Generation Z customers, it’s important for the success and future of the financial industry that they don’t ignore the demands of this generation of customers any longer. Unless high street banks act now to address the security concerns of those in Generation Z, they’ll soon be overtaken by fintechs and digital challengers who can innovate faster.

It is apparent under 24s expect to be using new, secure biometric technology today for increased payment security and convenience. Banks must now introduce innovative biometric payment cards to attract young customers, protect users from fraud and build trust with the consumers of tomorrow.

Goode Intelligence predicts more than 1.9 billion bank customers worldwide will use biometrics by the end of 2020 as a means of making payment authentication more secure and convenient. They also predict that by 2023, there will be 579m biometric cards in circulation. The UK could have a significant role to play in this adoption, with Natwest announcing earlier this month its trial of a biometric fingerprint credit card, making it the first UK bank to do so.

There are some obvious, immediate benefits to biometric authentication. Consumers can authenticate purchases above the current £30 contactless limit without having to enter their PIN, using only their fingerprint instead. For retailers, not only would this reduce queue times but also help facilitate more secure transactions, technologically and visually, as merchants will be able to witness the cardholder authenticating the transaction, which is currently not the case with a stolen card.

Cost factor

When chip and PIN were first introduced back in 2000, a similar cost comparison was made between using a magstripe card and a chip card. In the industry at the time, the discussion about the difference in price revolved around the business case to include a lot of additional data stored on the chip cards, such as medical information and driver’s licence information. In the end, it was determined that the cost of that particular chip was too expensive. What we have now is the cheapest chip they could mass produce; a win-win in the eyes of issuers.

When it comes to adding biometric functionality to a card, the significant cost to produce is obvious to even those not privy to the intricacies of card issuance.

When it comes to adding biometric functionality to a card, the significant cost to produce is obvious to even those not privy to the intricacies of card issuance.

Some commentators on this have suggested that some costs could be borne by the cardholder in the form of an annual fee or a set-up fee for a biometric card. However, this could have a negative impact on getting consumers to use biometric authentication.

As is the way with any new technology, there is inevitably going to be initial resistance to cost. But this must be balanced with considerations for, say, the reduction in fraud.

Questions on security

In the case of Natwest’s biometric card, consumers have to go into a Natwest branch and register their thumbprint on a reader, which may seem like an innocuous part of the process but actually raises issues around mass adoption. You cannot have a solution where you’re asking individuals to go to a branch to register a thumbprint; it’s not inclusive to those without access to a branch, especially when bank branches are closing at a rate of knots. The alternative would be a mobile solution, but this again raises issues of accessibility.

The whole idea of using biometrics to authenticate payment raises questions around security, beyond the obvious ways it helps facilitate secure transactions. The human thumbprint is not a physical image. It’s encrypted. When you hear of a data compromise in the news, most cardholders are told to reset their password. But when you’re doing biometrics and you’re using something which is unique to you - like a fingerprint -- if that data is compromised, what’s the backup? You’ve ultimately only got 10 options unless you start using your toes!

Like any new tech, biometrics generates a lot of buzz and excitement. Whilst it is a fascinating new development in our industry, let’s take a steady approach that ensures we cover all eventualities. Once we open the pandora’s box of mass adoption, it will be very difficult to close it.

Authored by Nick Fisher, European Projects Manager at JCB International (Europe).

Most sectors are having to comply with said rules and conform to industry trends, thus evolving based on the limitations regulations have imposed on them. According to Aravind Srimoolanathan, Senior Research Analyst - Aerospace, Defence & Security at Frost & Sullivan, this is particularly applicable in the biometrics sector, as it progresses in line with regulation presenting increasing opportunities for biometrics to excel in a security driven data world.

The Swedish data protection authorities (DPA) recently levied the first fine of approximately $20,000 to a high school which ran trials of facial recognition technology among a group of students to monitor their attendance. The school authorities argue that the program had the consent of the students, though that did not soften the stance of the regulator. The European data protection board citing the ‘imbalance’ between the data subject and the controller of data. Canvassing the multiple opinions floating on the web1, Frost & Sullivan notes multiple cases of violations reported in Bulgaria and Austria post the incident in Sweden. The regulatory breaches have led to similar fines levied by the respective local data protection agencies tasked to enforce GDPR. Have the flood gates opened? Will this drown the Biometric market? Probably not, but it does raise significant concerns which need to be assessed and responded, to continue bringing the associated benefits of Biometric technologies to business and security operations.

General Data Protection Regulation (GDPR) is designed for the protection of personal data. GDPR emphasises on a person’s right to protect their personal data, irrespective of whether the data are processed within or outside the EU. Any data that could be linked to a person is subsumed into the definition of “personal data”. The regulation comprises of several articles and clauses which require compliance by all forms of agency - public, private or individual, that processes personal and sensitive data of clients, companies or other individuals. The regulations not only addresses data protection and privacy of individual citizens of European Union (EU) and European Economic Area (EEA) but also data transfer outside EU and EEA.

[ymal]

In summary- data is expected to be stored, managed, and shared in an individual-centric approach rather than a collateral approach.

The challenges in managing identity in the modern world through conventional methods such as ID cards and PINs/ passwords are failing to address efficiency, accuracy and security requirements. The exponential demand for biometric-based ID management and access control systems drives the need to overcome such challenges. Biometric technologies (yes, facial recognition is one of them) curtail unauthorised physical and cyber access preventing identity fraud, enhance public safety, and drive seamless and efficient processes ensuring higher safety, convenience, and profits.

The Sweden High School case indicates the extent of GDPR is not just limited to giant corporations such as British Airways but also smaller public and private entities ‘mishandling’ data and hence violating the dictates of the GDPR regulations.

Frost & Sullivan’s collation of perspectives and insights from across the industry indicates that biometric technologies will replace conventional methods of Identity and Access Management in the years to come, not a case of if but when. Continued enforcement of data regulations would drive proper use case definition and regulatory compliance, but for this the suppliers and operators of these technologies need to create compliant secure by design solutions and processes. The first step is ensuring secure operations of the systems, and second is to design robust and verifiable processes for the associated data generated. Thirdly, defining the application of harvested data within the ethos of GDPR and related governance.

In the short-term though, with a surge in biometric technologies adoption, Frost & Sullivan anticipates we will witness an uptick in number of GDPR violation cases, due to partial and/or improper understanding of data privacy regulations. Though there is a risk that the hefty fines may slow down the pace of widespread adoption of biometric technologies, Frost & Sullivan proposed three-step strategy will drive healthy demand. Organisations that are digitally transforming their businesses for enhanced process efficiencies as part of their digital strategy would need to realign strategies to comply with general data protection regulations.

Biometric technologies are gaining infamous popularity with the data breaches, privacy concerns and unethical commercialisation of the associated data. GDPR, the Achilles heel as it may prove to be for the Biometric market, does not necessarily need to be – instead, the principles of GDPR can itself become the value proposition of the future biometric technologies.

1 http://www.enforcementtracker.com/

2 https://www.infosecurity-magazine.com/news/gdpr-spurs-700-increase-data/

A tap over the limit

2018 saw biometric payment cards transition from theory to reality. Partnerships with banks, vendors and payments schemes gained real traction worldwide and have continued to do so into 2019.

In March this year, the UK’s first biometric payment card trials were announced by Royal Bank of Scotland and NatWest to great acclaim, with the solution described by NatWest as, “the biggest development in card technology in recent years.” The major motivation cited behind these UK trials? The opportunity to ‘scrap the payment cap’.

Since its launch more than a decade ago, the popularity of contactless card payments has grown considerably, and adoption in the UK has been particularly high. Recent industry figures suggest the total value of contactless transactions reached £5.9 billion in February 2019 alone - an increase of 19.8% during the same period in 2018 - while almost 83% of consumer debit card transactions are now contactless.

Limited to £30 per transaction however, the true potential of contactless payments has been cut short. While the cap responds to security concerns, adding biometric trust to a payment card can empower banks to lift the payment cap without impeding consumer convenience.

The natural evolution of the contactless card? We think so.

Biometrics is taking centre stage as a means to strengthen security without simply adding more forgettable PINs and passwords.

Security for the age of apps

Open banking and the mandates of PSD2 are making banks, merchants and device makers consider how they can best deliver multi-factor secure customer authentication (SCA) solutions. Meanwhile, in an increasingly connected, always-on world, consumer demands for a more seamless UX have never been higher.

Biometrics is taking centre stage as a means to strengthen security without simply adding more forgettable PINs and passwords.

Its application in mobile devices is increasingly extending beyond simply opening the device to guarding the applications within them. From open banking apps and digital wallets, to m-commerce and in-app purchases, consumers are rapidly realising the benefits biometrics bring to managing and protecting their financial lives.

Introducing biometrics can also enable stakeholders to foster greater consumer trust and safeguard privacy concerns. Not something to shy away from in a post-GDPR Europe.

Payment form factors are exploding!

With over 20 trials announced across the globe, the biometric payment card is likely to be the next big fingerprint-secured solution to revolutionise the payments world. But the possibilities for new form factors are endless – from wearables to USB authentication dongles.

Biometric authentication has an unrivalled opportunity to unify the authentication process across form factors and platforms.

In parallel, we’re also likely to see biometrics technologies beyond fingerprints continue to grow in adoption. The success of fingerprint has paved the way for other biometrics technologies to achieve success, including touchless facial and iris recognition solutions. In fact, we’re increasingly likely to see solutions combining multiple biometrics technologies where, for example, a device could authenticate your face and fingerprint at the same time. By ‘layering’ security with biometrics, the FS world can continue to improve UX, reduce fraud, and perhaps finally say goodbye to PINs and passwords.

Consumers are the key to everything

In an age of increasingly connected, seamless solutions across industries, the consumer experience sits at the heart of everything. Biometric authentication has an unrivalled opportunity to unify the authentication process across form factors and platforms.

For payments, and the FS world more broadly, biometrics answers an age-old question: how do we add security without harming UX? This balance of trust and convenience is vitally important and is what will see the technology continue to thrive in smartphones and in applications far beyond.

It’d be naïve to look too far ahead, but we can be sure that if the rest of the year continues with the same pace as the first quarter, the biometrics industry will certainly be kept busy!

 

Website: https://www.fingerprints.com/?utm_source=iseepr&utm_campaign=FinanceMonthly_article

Blog: https://www.fingerprints.com/blog/you-are-the-key-to-everything/?utm_source=iseepr&utm_campaign=1bn_blog

Twitter: https://twitter.com/FingerprintCard

Here Stan Swearingen, CEO of IDEX Biometrics, discusses the potential trends for 2019’s biometrics sector.

Following a number of successful trials using fingerprint sensor technology within smart cards across multiple markets, (including Bulgaria, the US, Mexico, Cyprus, Japan, the Middle East and South Africa) the biometric smart card is reaching its inflection point. Key players within the banking industry, including Visa and Mastercard, are already heavily invested in this new payment technology and anticipate that biometrics will play a key role in the revolution of the payments industry.

With mass market rollout on the horizon, here are five key predictions for the biometric payment industry in 2019.

2019: The year of dual interface

The first half of 2017 reported 937,518 cases of financial fraud, resulting in losses of an astonishing £366.4 million[1], a clear demonstration that the PIN is no longer fit for purpose. Recent research from IDEX Biometrics supports this claim and found that 29% of consumers surveyed felt concerned about the use of PINs to keep their money secure, and as many as 70% believed that contactless payment cards left them exposed to theft and fraud. As consumer concerns continue to grow around the security of payments, so too does the need for a personalised, secure and convenient payment solution.

Enter the biometric dual interface payment card. 2019 will see biometric fingerprint sensors integrated into cards with both a micro-processor and contactless interface, removing the need for PINs. This will provide consumers with the reassurance that their money is safe as any transactions will require their finger print to authenticate it. 2019 will be the year of the dual interface where biometric authentication will be available for both contact and contactless payments!

These advances in technology and those within the payments market have meant that the concept of biometric authenticated payments is no longer a novelty. In fact, according to forecasts by Goode Intelligence, nearly 579 million biometric payment cards will be used globally by 2023[2]. The integration of the biometric sensors in the payment card will be one of the next-generation transformative innovations to breathe new life into the payment industry next year and assist in the fight against payment fraud.

The integration of the biometric sensors in the payment card will be one of the next-generation transformative innovations to breathe new life into the payment industry next year and assist in the fight against payment fraud.

Remote enrolment will be the key to mass market adoption

For mass market deployment of biometric smart payment cards to be possible in 2019, banking infrastructures must look at the implementation of biometric technology and ensure that this method of enrolment is accessible and convenient to all. The elderly or those with physical health limitations may struggle leaving the house to enrol within bank branches and even those who work a 9-5 day can often find making it to the bank within opening hours a challenge.

The latest advancements in remote enrolment of biometric payment cards will mean that enrolment for biometric payment cards can take place in the comfort of your own home. Card users will be able to enrol straight onto the card by simply placing their finger on the sensor (with the aid of a small device that comes with the card) to upload their print to the card’s highly secure EMV chip. There is no need for an external computer, smartphone or internet connection. Once loaded, the fingerprint never leaves the card, thus eliminating multiple attack points.

Biometric payments will bridge the gap to financial inclusion

In 2019 advances in biometric fingerprint authentication will be a vital ingredient when bridging the gap to financial inclusion. Currently, 1.7 billion adults remain unbanked across the globe today[3]. This is for many reasons, from immigration issues, to illiteracy as well as mental health. Those living with dementia are also at risk of losing their financial independence as their short-term memories decline. A fingerprint sensor on the card can take the place of a PIN or even signature, meaning sufferers are able to stay financially independent for longer.

Currently those who lack access to financial services are missing out on the many benefits financial inclusion has to offer. Fingerprint authentication will remove the barriers that face those with literacy challenges, or face difficulty with memory, as card payments will no longer be about what you know, or what you can remember, but who you are.

Currently those who lack access to financial services are missing out on the many benefits financial inclusion has to offer.

Biometric authentication will be a simple, secure and convenient solution eradicating the need for passwords and PINs as a form of authentication. For this to work as a solution to financial inclusion, banking infrastructures and card manufacturers must work together to reach a price point that enables this technology to be available to all.

The possibilities for biometrics are endless…

While biometric authentication technology is already being used with smartphones and passport identification in the UK, 2019 and beyond will see endless possibilities for the use of biometric smart cards into payments and beyond. We can even expect to see biometrics branch into the Government issued identification and IoT enabled devices arenas.

In fact, a whole host of public services is set to benefit from this secure means of authentication. The use of biometric smart cards within the NHS, for example, could see access to sensitive patient records limited only to the patient themselves. Biometric social benefits cards could control how the money is spent and that it is spent by the right person. According to IDEX research, 38% of consumers surveyed would like to see biometric methods of authentication introduced to wider government identification including driving licenses, National Insurance numbers and even passports.

The future of the biometrics – 2019 and beyond!

In 2019, authentication will get even smarter, and further technological advances such as multi-modal or multi-factor authentication will further enhance security within the payments landscape. This refers to technology that combines a variety of different types of biometrics in order to add an additional layer of security, including persistent authentication. For example, instead of having one single authentication, smartphones could continuously scan features to ensure the correct person is using the device.

Whilst the biometric dual interface smart payment card is set to hit the mass market next year – this is just the beginning. The payment card of tomorrow will go beyond just transactions. Biometric smart cards will serve multiple purposes – a payment card, a form of ID for restricted goods and even a loyalty card!

The early days of biometrics where it was felt to be invasive and a privacy concern are long gone. In fact, according to recent research from IDEX, 56% of consumers surveyed state they would trust the use of their fingerprint to authenticate payments more than the traditional PIN. Further to this, 52% would feel more confident if their fingerprint biometric data was stored on their payment card, rather than a bank’s central database.

Consumers are ready for the use of biometric fingerprint methods of authentication for card payments and 66% expect their roll out to authenticate in-store transactions in 2019. We predict that by 2019 biometric smart payment card adoption will go into many millions!

[1] https://www.financialfraudaction.org.uk/news/2017/09/28/latest-industry-data-shows-fall-in-financial-fraud/

[3] https://globalfindex.worldbank.org/

According to recent research by IDEX Biometrics, more than half (53%) of cardholders would trust the use of their fingerprint to authenticate payments more than their PIN.

A further 56% of research respondents stated that they would feel more secure conducting purchases with their card, if they were authenticated with their fingerprint. It seems that payment card users are very aware of the limitations of their PIN with almost half (45%) admitting that they never change them. And a third (29%) expressing concerns that PINs cannot be relied on to keep their money secure.

This scepticism around current card security measures also extends to contactless payments with 63% questioning their security and 70% believing that they actually leave them exposed to theft and fraud when used.

It is evident, that as a nation, we are ready for the introduction of biometric fingerprint card authentication. The only area of concern users admitted to, was how their fingerprints would be stored. 45% were worried that criminals could mimic their fingerprint biometric data and a further 51% was concerned about the possibility of it being stored in a bank’s central database - leaving them exposed to identity theft or their personal information being used without their knowledge.

These findings highlight that banks need to provide reassurance that biometric fingerprint authentication can be used in a user-friendly manner. There is no need for this information to be retained centrally and that any fingerprint data is kept with the user on their own cards. Providing customers with the confidence that they can embrace fingerprint biometrics as a more secure and personal method of authentication for their payments.

“Consumers are ready for the use of biometric fingerprint methods of authentication for card payments and it is set to be a reality in 2019, but banks have a responsibility to address security concerns, particularly in relation to how and such data is held. It is ultimately up to the banks and the financial services sector to reassure consumers to drive adoption and ultimately tackle fraud head-on,” comments Dave Orme, SVP at IDEX Biometrics.

“With a resounding 53% of consumers stating they would trust the use of their fingerprint to authenticate payments more than the traditional PIN, this must be where the UK banking industry focuses its attention. Chip and PIN is now 12 years old, and has seen its course. The consumer demand for fingerprint methods of authentication is a reality, with two-thirds (66%) of UK consumers expecting their roll out to authenticate in-store card transactions by 2019,” added Orme.

(Source: IDEX Biometrics)

With a world that increasingly relies on the individuality of society, transformation towards bespoke platforms and mechanisms is inevitable. Here David Orme, Senior Vice President of IDEX Biometrics, discusses the growing benefits of biometrics in the world of money, a world which for consumers is deemed one of the most private and personal to each of us.

Sadly, our relationship with money and purchases is not as personal as it used to be. Gone are the days when people would visit their local banks, queue up at the kiosk and request to withdraw cash from their account via the bank clerk.

Modern technology has positively shaped personal finance in many ways by providing convenience and security through areas such as online banking and payment cards. As a result however, our personal relationships with our money is quickly deteriorating.

After all, we live in a world of personalised experiences. Amazon offers us individual recommendations, Spotify suggests great new songs based on our listening, and Netflix knows what we’ll love to watch. We now expect everything to be unique and tailored to us and our personal preferences. It puts us in control and validates that we are each individuals with our own specific likes and needs; that in a world of 7.6 billion people, we have a voice.

This taps into an innate love of the personal... Something that reflects who we are: from a monogrammed shirt, a personalised number plate, a tailored itinerary for your holiday to simply how you like your coffee.

Yet there are some things in life that have resisted being personalised: credit and debit cards are one such example. They’re all the same. All dull and functional. Generally, the only way to personalise cards currently is to use a PIN with significance such as a birthday, as insecure as that may be.

But as the protagonist from the 60s TV show, The Prisoner, famously shouted “I’m not a number!” None of us are numbers. We are all unique. And what is more unique than our fingerprints?

Biometric intervention

Our society has become increasingly security conscious, in a landscape characterised by the rising skill levels of cyber criminals. With biometric technology already implemented as a security measure in airports, and even on the latest smartphone devices, the idea of fingerprint recognition should not be a foreign concept. Instead, due to it already being a consumer habit, biometric payment cards will be easily adoptable, thus paving the way for a smooth transition.

Traditional methods of authentication such as the Personal Identification Number (PIN) are becoming more and more outdated. Failing to combat fraud, the PIN has seen millions lost to scams ranging from shoulder surfing to lost and stolen, even to opportunist criminals discovering PIN codes written down.

By introducing a biometric payment card, consumers will be far more protected from fraud, which will eventually bring an end to the PIN. By storing a fingerprint sensor directly onto the payment card, as opposed to a central database, there is nobody else in the world that will be able to connect with the card to issue a transaction other than the owners themselves. Thus, creating a far more accurate method of authentication and the ultimate personal relationship between consumers and their cards. With everything else now seemingly moving towards a digital platform, this is the last piece of physical interaction in payments and therefore a much-needed opportunity to build a personal connection and better security to combat fraud head-on.

Specifically, the reference fingerprint can easily be uploaded to the card by the user, at home, and once that is done they can use the card via existing secure payment infrastructures — including both chip and ID and contactless card readers — in the usual way.

Once it is registered and in use, the resolution of the sensor and the quality of image handling is so great that it can recognise prints from wet or dry fingers and knows the difference between the fingerprint and image ‘noise’ (smears, smudging etc.), that is often found alongside fingerprints. The result is a very flexible, durable sensor that provides fast and accurate authentication.

Fingerprint recognition will provide a clearer means to distinguish an individual from everyone else on the planet. This technology will not only assist the financial sector, instead, its benefits will transcend into a range of areas, from bolstering national identification which will help address healthcare and social fraud, assisting financial inclusion and maintaining access to controlled spaces such as government buildings.

How soon is now?

Fortunately, the long-held ambition to add biometrics to cashless transactions has now been achieved. The production and trials of an extremely thin, flexible and durable fingerprint sensor, suitable for use with payment cards, is underway in countries such as Bulgaria, the US, Mexico, Cyprus, Japan, the Middle East and South Africa.

However, we anticipate that each banking customer may deploy as many as 100,000 biometric cards to their account holders by the end of 2018 and that biometric bank card adoption will go into many millions from 2019. Paving the way for payments to become personal once again.

Personal relationships are a key part of life, they offer us a sense of importance and happiness. The time is now for this to extend to our payment cards. Biometric payment cards will create a unique connection, with transactions exclusive to the owner, shunning anyone else on the planet trying to access the sensor. Not only is this integral to creating a personal relationship between the card user and their bank, but the security benefits are therefore more profound as the challenge of forging fingerprints is a far more complex one for criminals

Though biometric technology is already in-place across our society, its potential within payments has yet to be truly discovered. Before this can be achieved, banks need to gain consumer trust and promote the value of biometric technology before its benefits can be realised by us all.

Personal identification numbers (PINs) are everywhere. These numeric versions of the password have been at the heart of data security for decades, but time moves on and according to Dave Orme, SVP at IDEX Biometrics, it is becoming evident that the PIN is no longer fit for purpose. It is too insecure and leaving consumers exposed to fraud.

Why bin the PIN?

In a world that is increasingly reliant on technology to complete even the most security-sensitive tasks, PIN usage is ludicrously insecure. People do silly things with their PINs; they write them down, share them and use predictable number combinations that can easily be discovered via social media or other means. And this is entirely understandable: PINs must be both memorable and obscure, unforgettable to the owner but difficult for others to work out. Previous research has shown that when people were asked about their bank card usage, more than half (53%) shared their PIN with another person, 34% of those who used a PIN for more than one application used the same PIN for all of them and more than a third (34%) of respondents used their banking PIN for unrelated purposes, such as voicemail codes and internet passwords, as well. In the same study, not only survey respondents but also leaked and aggregated PIN data from other sources revealed that the use of dates as PINs is astonishingly common1.

But if the PIN has had its day, what are we going to replace it with?

Biometrics

Biometrics may seem to be the obvious response to this problem: fingerprint sensors, iris recognition and voice recognition have already been trialled in various contexts, including financial services. In fact, wherever security is absolutely crucial, you are almost certain to find a biometric sensor — passports, government ID and telephone banking are all applications in which biometric authentication has proven highly successful.

For biometric authentication to work, there has to be a correct (reference) version of the voice, iris or fingerprint stored, and this requires a sensor. The search for a flexible, lightweight, but resilient, fingerprint sensor that is also straightforward for the general public to use, has been the holy grail of payment card security for quite some time.

It is one thing to build a sensor into a smartphone or door lock, but quite another to attach it to a flexible plastic payment card. A major advantage of fingerprint sensors for payment cards is that the security data is much more difficult to hack.

Not only are fingerprints very difficult to forge, once registered they are only recorded on the card and not kept in a central data repository in the way that PINs often are - making them inaccessible to anyone who is not physically present with the card.

Your newly flexible friend

Fortunately, the impossible has now been achieved. The level of technology that has been developed behind the sensor makes it simple for the user to enrol their fingerprint at home, and once that is done they can use the card over existing secure payment infrastructures.

Once it is registered and in use, it can recognise prints from wet or dry fingers and knows the difference between the fingerprint and image ‘noise’ (smears, smudging etc.) that is often found alongside fingerprints. The result is a very flexible, durable sensor that provides fast and accurate authentication.

The PIN is dead, long live the sensor

Trials of payment cards using fingerprint sensor technology are now complete or under way in multiple markets, including the US, Mexico, Cyprus, Japan, the Middle East and South Africa. Financial giants including Visa and Mastercard have already expressed their commitment to biometric cards with fingerprint sensors, and some are set to begin roll-out from the latter half of 2018. Mastercard, in particular, has specified remote enrolment as a ‘must have’ on its biometric cards, not only for user convenience but also as means to ensure that biometrics replace the PIN swiftly, easily and in large volumes2.

With the biometric card revolution now well under way, it’s time to say farewell to the PIN and look forward to an upsurge in biometric payment card adoption in the very near future.

1 Bonneau J, Preibusch S and Anderson R. A birthday present every eleven wallets? The security of customer-chosen banking PINs: https://www.cl.cam.ac.uk/~rja14/Papers/BPA12-FC-banking_pin_security.pdf

2 Mastercard announces remote enrolment on biometric credit cards: https://mobileidworld.com/mastercard-remote-enrollment-biometric-credit-cards-905021/

There is a rush to improve speed, convenience and user experience in financial interactions, but at what cost to security?

 

While for the most part bankers are positive about their ability to improve their financial performance in 2018 and beyond, evolving risks – particularly cyber risk – are no doubt preoccupying their thoughts.  A recent report by professional services firm, EY, puts cybersecurity as the number one priority for banks in the coming year, and it comes as no surprise, especially with Britain’s National Cyber Crime Unit data showing 68% of large UK businesses across sectors were subject to a cybersecurity attack or breach in the past 12 months.

It’s a mounting problem, and the financial services industry needs to fight back. We’ve picked out the four key ways of countering the continuing threat to banks’ cybersecurity – and it’s a case of fighting cyber with cyber.

 

  1. Artificial intelligence

Like it is in retail and manufacturing, for example, artificial intelligence (AI) and advanced analytics will play a key role in banking moving forwards.

And the financial services industry is looking to this technology to play a major part in the prevention of cyber attacks, reducing conduct risk and improving monitoring to prevent financial crime.  Mitigating such external and internal threats is critical to both business continuity and limiting operating losses, and so AI shouldn’t be overlooked as a key tool in reaching this goal.

 

  1. Electronic identification

In order to meet the regulatory technical standards, which will be enforced in September 2019 as part of the European Union’s PSD2 payments legislation, the number of transactions requiring two-factor authentication will rise in the coming months.

What has been deemed by the industry as “Strong Customer Authentication” will be required, and this should result in payments and account access relying on customers providing and using a combination of the following: something they know, like a password; something they have, like a phone or card; and something they are, such as a fingerprint.

More factors equals more security is the industry theory here.

 

  1. Biometrics

Which leads us neatly on to point three: biometrics. This push for two-factor authentication and new electronic identification will pave the way for more biometrics use.  With some of the largest players in card payments, including Mastercard, investing heavily in such solutions, we expect others to start to follow suit.

As Ajay Bhalla, President for global enterprise risk and security at Mastercard puts it: “The use of passwords to authenticate someone is woefully outdated, with consumers forgetting them and retailers facing abandoned shopping baskets.

“In payments technology this is something we’re closing in on as we move from cash to card, password to thumbprint, and beyond to innovative technologies, such as AI.”

 

  1. Blockchain

According to the EY research report, 20-40% of financial service providers are investing in Blockchain now and are planning to increase investment, while approximately the same percentage are investing now but planning to reduce expenditure.

Either way, it shows that Blockchain is very much on the agenda for banks. The main attraction of Blockchain is that it creates an indelible audit trail which is distributed across multiple servers, so there’s no single weak link for cyber attackers to target. This provides banks with unparalleled transparency and increases trust.

Blockchain also has the potential to make a complex global financial system less complicated and reduce the number of middlemen involved in the transferring of money.

 

So, that’s the technology on offer, but what are the next steps?

Unless banks collaborate more with their peers, or improve their use of the wider ecosystem, the required investment in advanced technologies to address issues of growing cybercrime will be substantial and could strain their ability improve financial performance and grow their businesses.

And, as bank leadership teams focus on investing in the relevant people and technology – and it is the combination of both that’s crucial here – to enhance cybersecurity, they may struggle to find the right skill sets or the right methods for integrating cyber experts into their organisations.

Raising their knowledge of the technology available to help stem the tidal wave of cyber threats is a key requirement for banks, if they don’t want to end up washed up on the shore as a result of their defences being breached.

 

 

Below Dave Orme, SVP, IDEX Biometrics, discusses the challenging landscape of payments and fraud, the fight against scammers and the obstacles the future will find in a cashless society.

Clearing up the mess left behind by fraudsters is a serious challenge and sees financial institutions having to absorb the monetary and logistical damage of card payment fraud daily. Meanwhile, consumers are left with a feeling of dread when they see transactions, that they know they haven’t made, on their payment card accounts. Finding themselves needing to take time away from work or home, to report stolen cards, cancel cards and wait for new ones. Not only is this frustrating for cardholders, it takes a huge amount of time investment by banks to resource this process. Payment card fraud is a serious problem that affects every one of us.

In fact, card fraud is a serious and increasingly urgent problem. Financial Fraud Action UK (FFA UK) reports that in 2016, fraud across payment cards, remote banking and cheques totalled an astonishing £1.38 billion, an increase of 2% on the previous year. The overwhelming majority (80%) of this fraud involved payment cards; there was a particularly large (30%) increase in the proportion of cards lost and stolen, and these alone accounted for losses of £96.3 million.

There is no single reason for these figures; impersonation and deception scams, as well as data breaches, have all played their part. But the UK is becoming an increasingly cashless state — debit card payments overtook cash payments for the first time recently — so we have no real option but to stop the fraudsters. The obvious question is, how?

Fighting back

Financial institutions currently bear much of the impact of card fraud, and in response are investing heavily in machine learning, predictive analytics and other cutting-edge technologies to beat the criminals. These are having some effect; in 2017, fraud losses on payment cards fell somewhat (which contrasts with 2016, as we have seen), but even so there was still £566 million lost to payment card fraud alone and seven pence in every £100 spent was fraudulent — a very worrying statistic in a society that is rapidly increasing its reliance on cards.

In other words, payment card fraud has been a huge problem for a sustained period of time and the steps currently being taken to stop it are not effective enough.

Human nature

In a society that relies more and more on technology, payment cards are the weak link; or rather, the behaviours of the people who own and use payment cards are the weak link. It is human nature to make the mundane administration of life easier — but we all know how dangerous writing down your PIN because you keep forgetting it (and worse, keeping the card and the PIN together) can be. Many people are also guilty of sharing their PIN and card with their friend/partner/relative to enable transactions without the need to be present. Others give out cards and PINs to trusted people because they are elderly or have mobility problems and getting the necessities of life is so much easier that way. All these behaviours are very common, but they are also making card crime very easy.

People fail to keep their PINs or other card details safe not because they are inherently foolish or lazy, but because PINs are simply unfit for purpose. To be effective they demand a far higher standard of discipline and security from human nature than human nature is ever likely to give. The result is a massive headache for individuals, financial institutions and businesses all over the world.

But if not PINs, then what?

Giving the finger to fraudsters

Biometrics, including fingerprint recognition, is a field increasingly recognised as holding the key to card fraud prevention as such fraud becomes a more and more urgent problem. And while financial services may be looking at large-scale use of biometrics now, in other security-conscious sectors this has already happened. For example, many smartphones (which are themselves fast becoming the twenty-first century replacement for the wallet) are protected via fingerprint authentication, usually via a sensor on the lock screen. Passports are also routinely issued with biometric authentication built in, as are government ID cards. Biometrics are used where security is non-negotiable.

Until recently, including biometric authentication in a payment card was very difficult. This is because it required a sensor to be incorporated in the card and for many years those sensors were too large and inflexible to make that viable. However, there have been breakthroughs in this technology recently and we are now able to deliver a very thin, flexible fingerprint sensor that is easy to add to a standard card, so the major barrier to using biometrics with payment cards has now been overcome.

Looking ahead

Biometrics companies are now working in partnership with banks and other financial institutions, smartphone manufacturers and payment processing firms, to make gold standard authentication affordable, practical and available for payment card users and issuers. This is very good news for those in financial and security businesses, because the roll-out of biometrics in those fields will relieve much of the pressure of fighting what is, frankly, now a losing battle. With the arrival of simple, secure and personal authentication for all, hopefully we will see the demise of that twenty-first century pickpocket that is the payment card fraudster.

About Finance Monthly

Universal Media logo
Finance Monthly is a comprehensive website tailored for individuals seeking insights into the world of consumer finance and money management. It offers news, commentary, and in-depth analysis on topics crucial to personal financial management and decision-making. Whether you're interested in budgeting, investing, or understanding market trends, Finance Monthly provides valuable information to help you navigate the financial aspects of everyday life.
© 2024 Finance Monthly - All Rights Reserved.
News Illustration

Get our free monthly FM email

Subscribe to Finance Monthly and Get the Latest Finance News, Opinion and Insight Direct to you every month.
chevron-right-circle linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram