According to new research from leading payment provider MasterCard, biometric technology is set to become an integral part of all online shopping, as tighter regulations concerning online fraud are introduced. For instance, new EU regulations come into effect next September, which will increase the number of transactions subject to two factor authentication, known as “Strong Customer Authentication” (SCA).

MasterCard has been a board member of The Fast IDentity Online (FIDO) Alliance since 2013. FIDO is a global non-profit trade association developing technical standards and certification programmes for simpler, stronger authentication.

Andrew Shikiar, CMO of The FIDO Alliance, comments: “MasterCard is spot on in its assessment; the use of passwords is woefully outdated as a means of online authentication. The problem has long been overreliance on yesterday’s approach and a reluctance to embrace the ways in which technology has transformed both our habits and the options available to us. It’s encouraging to see that the tide is finally turning, thanks in large part to evolving regulatory requirements in response to escalating levels of online fraud. Far more secure methods of authentication, including biometrics, are now readily available at our fingerprints, which can greatly improve security and privacy for consumers accessing online services, while improving the user experience into the bargain.

“As the range of activities we undertake online using mobile devices continues to rise, the more sensitive transactions – such as payments and money transfers – can be facilitated using device-enabled strong authentication. However, its success hinges on the industry’s ability to offer this at internet scale. Biometric modalities deliver a number of user experience benefits, but not all biometric systems are built on secure, tried-and-true public key cryptography. Biometric authentication relies on matching an input to a held piece of original data, and how that matching process is managed - and in particular how identifying data is stored - raises a host of security and privacy questions. For instance, if data is held in an online central database, a breach of that data could be catastrophic.

“On the contrary, a decentralised approach allows users to authenticate by using a private key on their personal device to sign a cryptographic authentication challenge from the service provider’s server. With this approach, the service provider only stores a public key associated with that user’s account, which cannot be leveraged by a hacker having infiltrated a database. This is one of many reasons why leading service providers like Google, Facebook, Microsoft, Dropbox and many more have deployed FIDO Authentication to protect hundreds of millions of consumers around the world, while reducing the outdated reliance on passwords.”

(Source: The FIDO Alliance)

The Biometrics Institute predicts that the development of biometrics over the next five years will shift towards online identity verification, government mobile applications, online payments, e-commerce, and healthcare.

Biometrics has been viewed as a secure method for financial transactions and security in many walks of life, with fingerprints used for clocking in at work or verification for contactless payments, but the institute’s research suggests there are further user cases set to emerge in the coming years.

And, it comes as no surprise for those studying the market closely. The global technology powerhouses, such as Microsoft, Apple and Samsung, are strong proponents of using biometric identification for PC, laptop or mobile access purposes and, as consumers get used to this way of engaging with tech, it naturally paves the way for fingerprints and iris scanning in payments.

The case for businesses and consumers

Various technology companies and card schemes argue it’s a secure way of paying, and with the likes of Apple Pay, Android Pay and Samsung Pay mobile payment solutions already using biometrics as part of their authentication process, there could be calls for more to come.

Companies like Starbucks utilise mobile payment providers like Apple Pay within their apps, meaning with the tap of a thumbprint money can move from bank account to Starbucks account, and subsequently be used at the point of sale. The simplicity of it continues to strike a chord with consumers, as the coffee chain’s latest figures show its Starbucks Mobile Order and Pay service represented 12% of US company-operated transactions in the three months to 1 April 2018.

Then there’s the Amazon Go effect to consider. As the online titan looks set to add more checkout-less physical stores to its inaugural offering in Seattle, enabling frictionless transactions without the need for shoppers to queue or visit a fixed cash desk or till, it will shape consumer expectations.

If this momentum continues and Amazon drives sales through these stores, you can imagine strong arguments from consumers for further installations of this type of technology in convenience retail – and one way of supporting speedy and secure transactions is through use of biometric identity.

Finger, face or eye scanning are all seen by industry analysts as ways to improve the authentication phase of payments for the consumer, while helping tackle growing fraud levels in retail and hospitality, and protecting customer information.

But biometric scanning isn’t fool-proof and can only be part of the identity solution, especially when being used to authenticate higher values purchases, for instance.

This means business considering adopting body-scanning payment methods need to be mindful of the trade-off between security and user-experience – and this requires a fine balance between how many false positives and false negatives are allowed in order to process a payment.  Too many false positives pose a security risk but, at the same time, too many false negatives could lead to a legitimate shopper not being able to authenticate a payment, resulting in poor customer experience and possible purchase abandonment.

A balance that provides the right level of convenience but mitigates against the risk of misauthentication will be key to successful biometrics payments solutions.

Choice trumps any individual payment type

At any trade show we attend the clear message is there’s no silver bullet when it comes to retail or payment technology.

Whether it’s mobile payment, buy-now-pay-later schemes, card and cash payment, crypto-currencies – or anything using biometrics in some way – they key for retailers is to know what their customers want and offer the relevant payment options. Businesses need to be sure that having helped navigate a customer to the all-important point of purchase they don’t lose them because they don’t offer the most suitable method of payment.

Therefore, retailers should be investigating biometrics usage as part of their suite of payment options, because the most forward-thinking organisations know they need to provide choice at the checkout.

Mobile support

It is clear mobile is very much at the heart of a lot of the innovation going on in the payment space, playing a fundamental supporting role for many of the new transactional options.

With Deloitte predicting that, by the end of 2023, 90% of adults in developed countries will have a smartphone, it’s obvious why tech companies and innovators in the payments space are targeting that piece of metal that sits in our pockets as a platform for their new solutions.

In the last 18 months the conversation in the financial world may have veered towards crypto-currencies and open banking, but before it becomes clear what impact these or, indeed, biometrics have on the overall landscape, we can be near-on certain that mobile will be central to it all.

As for the evolution of biometrics, fingerprints are already playing a key role in mobile payments processing, but in the future this could be usurped as the most dominant form of biometric payment.

Delving deeper into the Biometrics Institute research it appears facial recognition dominates as the biometric most likely to rise in popularity for businesses over the next few years. That is closely followed by a multimodal – a combination of two or more biometric forms – and then iris.

It’s certainly worth keeping an eye on how this all impacts retail payments in the not-too-distant future.

John Cooke is Founder and MD of Black Pepper Software, an agile software development company specialising in the financial services sector.

From AI to all things IoT, Russell Bennett, Chief Technology Officer at Fraedom, discusses with Finance Monthly the top five technologies that are already making waves in the banking sector.

Over the past five years, technology has fundamentally changed how the financial services sector operates. Many retail banks already successfully cater to customers’ digital needs. Business banking is now beginning to follow retail’s lead – and here we outline five of the top technologies transforming commercial banking today.

1. Biometrics and security

When adopting new payment methodologies, banks must strike a balance between ease-of-use, ease-of-access, and security. We’ve already seen that consumer payment methods using biometric authentication becoming mainstream and it won’t be long before corporate clients expect the same.

Extending this functionality into corporate cards has the potential to make commercial payments more seamless and secure. Mobile wallets that defer to personal attributes to make secure payments on cards offer a potential route forward.

2. Artificial Intelligence

Automation is dramatically increasing the number of financial transactions in an organisation. However, while it can track and store more processes than humans can – and more accurately – it currently can’t provide the next level service many clients are coming to expect of their financial partners: planning and modelling.¹

AI is rapidly establishing itself as the missing piece of the puzzle that takes the data flows created by automated transactions and knits them together to discover patterns. All this is important to commercial banks because patterns in spending and efficiency can potentially deliver valuable insights to help clients improve their financial health.

3. APIs

Customers’ demands, and expectations are moving rapidly, so there is growing pressure on the banking industry to provide new, easy-to-use, frictionless digital services fast.

Application programming interfaces (APIs) provide the technology to exchange customer data with other parties in a simple and secure way², facilitating rapid innovation in products and services. Creating new applications such as voice banking, P2P, loan processing and risk management and using APIs as building blocks, is now seen as the best way to keep up with the innovation challenges facing the financial industry.

Fintechs have dominated the API landscape by creating apps that have challenged and often surpassed solutions made by the banking industry.

To keep pace, banks now need to either invest heavily to develop this technology themselves or partner with fintechs in a bid to be more effective and efficient.³ By working together and taking advantage of APIs, banks and fintech firms can enhance the customer experience much more than either entity could do on its own.

4. ePayables – Crossing over from the Consumer to the Commercial World

The use of different payment types is partly a response to the consumerisation of our financial experience. Corporate clients can’t understand why payments should still be a laborious process of raising invoices and purchase orders, requesting printed cheques or bank transfers and creating lengthy payment terms.

Instead, the immediacy of a card – real, virtual or embedded in an app – ties all the above elements together. It gives unsurpassed traceability and is easy to add to financial management software.

Historically, paying by using a card has been seen as a debt generator. However, using payment cards as a substitute for invoice terms makes them a useful tool both to enhance a company’s working capital positions and to improve traceability, security and the level of control that can be placed on business spend.

5. Expense Management Systems (EMS)

An Expense Management Systems (EMS) is just one of many tools that can be brought together into a single financial view, helping businesses gain greater control over expenditure. Unlike written expense policies and separate transactional management software, an EMS embeds expense policies into the technology, allowing real-time reconciliation and approvals to take place.

Up to now, retail banking has been ahead of the game in embracing new technologies and digital disruption but corporate banks are now grasping the need to take advantage of the latest technologies to ensure commercial clients reap the same rewards - from workflow efficiencies through to intuitive, mobile first experiences, a trend that is only likely to accelerate in the future.

People unlock their phone and, increasingly, shop and pay with the touch of their finger. They don’t get locked out when they forget a password because it has been replaced with a simpler, more secure option – mobile biometrics.  Whether using a fingerprint, an iris scan or a “selfie” to confirm identity, banks see biometric technology as a way to provide greater convenience and security to customers as they use their accounts. But, it’s still early days in mobile biometrics, and a new report from Mastercard and the Department of Computer Science at the University of Oxford highlights a big barrier. Only 36% of relevant banking executives feel they have adequate experience to deliver.

To overcome this knowledge gap, ‘Mobile Biometrics in Financial Services: A Five Factor Framework’ explores this fast-evolving technology landscape and provides bank executives with guidelines to successfully bring mobile biometrics to life. Simply put, they need to focus on Performance, Usability, Interoperability, Security and Privacy.

Some of these factors are more visible to the consumer, having a real impact on user experience, while others operate behind the scenes. But, long-term success for a bank requires that they address all factors equally to protect against threats. The framework can help financial service companies avoid the trap of focusing only on the ones their customers see.

“Biometric authentication has a lot of potential, but it is important to address the objectives of each of the Five Factors when designing solutions. Working together with Mastercard enables us to solve for realistic threats to the industry with the best technical and scientific ideas. Users will need consistency, quality and assured security for this technology to thrive,” said Professor Ivan Martinovic, Department of Computer Science at the University of Oxford.

Ajay Bhalla, president, Global Enterprise Risk & Security, Mastercard, commented on the research initiative in a blog, saying: “Effective mobile biometrics melt into the broader experience of consumer-centric financial services, giving people the power to instantly access their financial information or make a payment. They’re driving the trend toward a password-free future where digital identity is all about who we are, not what we remember.”

Considering that global sales of smartphones are expected to reach $400 billion by next year, people everywhere will increasingly have access to the tool that makes mobile biometrics possible. Banks see that as an opportunity, and with initiatives like the collaboration with the University of Oxford and pioneering biometrics solutions like Mastercard Identity Check Mobile, Mastercard is a partner to deliver widespread and responsible adoption of mobile biometric solutions in financial services.

As Bhalla continued, “This framework is fundamental to accelerating the deployment of mobile biometrics for consumers and industry alike, but collaboration is key. We can only achieve this if industry, academia, governments and technology vendors understand and contribute to the evolution of the Five Factor Framework for mobile biometrics.”

“Mastercard and Oxford have done important work in exposing some of the root causes for the inconsistent adoption of mobile biometrics in financial services,” said Ravin Sanjith, Program Director: Intelligent Authentication, Opus Research. “We expect the Five Factor Framework to become an indispensable aide for industry professionals and decision makers to have better informed, strategic discussions that drive towards more efficient and successful high-scale implementations.”

Anthony Duffy, Director of Retail Banking, UK and Ireland at Fujitsu told Finance Monthly:

“The news that biometric authentication is now consumers” preferred choice for their financial services security is further evidence that biometric technologies are coming of age. Biometric solutions have been used overseas for many years, with Brazilian, Japanese and Turkish banks all using Fujitsu biometric solutions to support day-to-day banking transactions. However, it is only recently that British banks have started to deploy the technology on a significant scale. We are seeing a growing confidence in the security and effectiveness of biometric technologies, perhaps in part brought about by both Android and Apple mobile devices using finger/thumb print scanner technology as an unlocking option. After all, as the technology goes from new to familiar, there’s a natural acceptance and understanding, which breaks down previous barriers to entry.

“Financial institutions are keen to enhance their security measures further and to improve customer service. Biometric technologies, by being unique to the individual, help achieve both goals. Their use often reduces the use of passwords, or even eliminates them altogether, while often also providing an audit trail. When deployed to help identify customers, their use can speed up the identification and log-on process, by removing the need for security questions.

“The reliability, security and accuracy of biometrics make them ideal for banking. Add to that the widespread adoption of biometrics on mobile devices, and it’s clear the technology is set to flourish. Consequently, at Fujitsu, we believe that the use of biometrics in banking is something we will see much more of in coming years.”

(Source: University of Oxford)