Chink in the armor
While smartphones with sensors have made biometric technology more accessible and mainstream, giving passwords a run for their money, the transition does come with its share of challenges. One such challenge is the security risk associated with data leakages.
The uniqueness and the immutable nature of biometric data, which is its USP, can also turn out to be its biggest Achilles’ heel. A stolen password can always be changed by the user whereas a user’s biometric data is permanently compromised. There have been many instances where the fingerprint (widely accepted biometric option) data has been either replicated or stolen by hackers.
“The ‘non-perishable’ nature of certain biometrics is driving serious concern in security circles,” says CEB Executive Advisor, Jason Malo, “While biometrics are easier to use than passwords, when they are compromised they cannot satisfy the security role for which they were implemented.”
The Iris recognition technology is, thus, becoming more widely accepted and may soon replace fingerprints since it is not only cheaper to implement but also difficult to replicate, and, thereby, more secure.
The other challenge relates to the overall customer experience and makes it as seamless as possible across all mobile devices. For instance, not too many smartphones offer fingerprint sensors. If banks can offer both fingerprint and the facial recognition options, customers can use a wider range of devices. In fact, smartphones with as little as a 1 mega-pixel front-facing camera can offer the facial recognition option and this covers probably the entire smartphone market.
Yet another challenge is the need for standardization of biometric data when multiple vendors are involved in the process. Often, banks need to decide whether to offer uni-factor biometric options or go for multi-factor authentication (refer figure 2).