With apologies to Marc Andreesson who famously said several years ago that software is eating the world, I think that same sentiment is going to be applied to biometrics and finance. And that is a good thing.
In a world full of cyber-hacks and data breaches most people would agree that the current system of text passwords is broken. In a recent survey it was revealed that 81% of people use the same password for multiple accounts with that number being even higher, at 92%, for millennials. Talk about a broken system. While the more sophisticated users will rely on a password manager like 1Password or Lastpass clearly the general population wants things to be simple even at the expense of security.
Enter biometrics. Biometrics is simply defined as the biological identification of a person. It has been in use for centuries and has been commonplace ever since the introduction of the photo-id driver’s license a few decades ago. But it has only been in recent years that its use has exploded.
The introduction of Touch ID on the Apple iPhone in 2013 was a seminal moment in the history of biometrics. People could suddenly use their thumb or finger print as an identity verification tool and forgo using a password. Today, on my phone I can login to my bank account, buy music or apps, buy a plane ticket, even check my Lending Club account all with the press of my thumb. No passwords needed. This saves the hassle of not only having to remember passwords but also having to type on these small devices.
Thumb prints were just one step. Voice interaction is now becoming widespread with millions of people asking questions of Alexa, Siri or Google every day. Alexa now has dozens of banking “skills” where you can check your account balance, make a payment or track your spending at several major banks such as CapitalOne, American Express or US Bank. Also, TD Ameritrade has their VoicePrint technology where you can phone in to customer service and verify your identity with just your voice.
In Apple’s new iPhone X we are going to see the first large scale application of face recognition technology. Over 100 million of these devices are expected to ship in the next 12 months and a key part of their security is Apple’s new Face ID. With so many people using this technology to unlock their phones every time they use it, it will only be a matter of time before financial services firms adopt this technology in a similar way to what they have done with Touch ID.
Another interesting technology that has been popularized to some extent by Hollywood is iris scanning. While still primarily in the testing stage in banking, this past summer Bank of America announced the trialing of iris scanning technology from Samsung. In the UK, TSB is becoming the first European bank to start using this same technology, also with Samsung phones.
Now, I realize there are serious privacy and security concerns with all this. There is still a lot of work to be done to ensure the safeguarding of this very private information. Because, while you can change your password, you can’t change your finger print, voice, face or iris. We need something more than just the physical.
Another technology with a lot of potential is behavioral biometrics. This is about measuring uniquely identifying human activities. We all have physical behaviors that are uniquely ours and by measuring the patterns in this behavior we can take a continuous approach to authentication. This way, if a hacker is able to successfully login to an account it will be very difficult to duplicate the exact behavior of the user and software can detect this intrusion. Behavioral biometrics can capture things like hand-eye coordination, pressure, hand tremors, keystroke dynamics, gait analysis, mouse use characteristics, navigation, scrolling and other finger movements.
Many argue that a multi-modal approach is best, particularly one that combines physical biometrics with behavioral biometrics. Some companies are giving users different options. USAA offers three variations of biometrics authentication already in their mobile app. Just this week Samsung announced a partnership with Biocatch to bring behavioral biometrics to its Nexsign biometric authentication platform.
We are still in the early innings of the application of biometrics into banking. The reality is that as this technology gets built into our phones it will become ubiquitous. Of course, there will always be privacy and security concerns and if those concerns can be mitigated, and I believe they will, then the floodgates will open. I think within a decade the concept of passwords will be fading away and biometric verification will be everywhere in finance. And that will be a very good thing for the majority of the population who like to use the same password for most of their logins.
Biometrics are not your face, fingerpint, voice, etc they are mathematical representations of these parts of you based on specific algorithms so NO if a biometric “template” is stolen it does not prevent you from using biometric data. You revoke it and create another.