Joe’s smartphone reminded him he needed to do a quick money transfer to his brother’s account for tuition fees. With a simple swipe and fingerprint authentication, he opens up his mobile banking app. Since the amount is big, Joe is further prompted to do a facial biometric authentication. He looks into the phone camera and blinks, and pronto the transaction gets confirmed!
Passwords and PINs are passé; mobile biometrics is taking the banking industry by storm.
The smartphone has altered the market for biometrics in mobile banking. The days of kiosk-based, password-enabled transactions will soon be a thing of the past. The in-built smartphone cameras, fingerprint sensors, microphones now let users employ their own hardware to capture their facial, fingerprint and voice characteristics, paving the way for what we call “multi-factor” biometrics.
Mobile biometrics has caught the imagination of the digitally empowered banking consumer. From reduced incidents of fraud and faster transactions to higher accuracy and authentication (refer figure 1); mobile biometrics has brought in a new dimension to banking on the go.
Figure 1: Go as you like
Figure 2: From single to multi
While they roll-out biometric options for clients, banks need to weigh parameters including accuracy (FAR/FRR), speed, social acceptance, verification vs identification, barriers to attack and ease of deployment. For instance, a private bank that has very high security threshold for their high net-worth clients may opt for Iris instead of fingerprint or voice, even though Iris may score low on ease of deployment or social acceptance.
Often, we do not see banks restricting to just one biometric option for their clients. Based on the transaction risk, they may opt to mix and match the options by requiring only the fingerprint to login but asking for a combination of Iris and voice to initiate a large dollar transaction (multi-factor).
An inflection point
Biometrics in banking is at an inflection point with improvements in technology on an almost daily basis, making it an extremely compelling option for both banks and their clients. While banks have choices to make in terms of routes to pick (facial, voice, Iris, fingerprint etc.), uni-factor vs. multi-factor, they also need to decide on the preferred implementation options that could be in-house, cloud-based or a combination of both with the data being in-house for security reasons. We also believe that biometrics will eventually move from external body traits to internal traits like heart rate or vein recognition that offer higher level of security cover. Then there is the option of behavioral biometrics that looks at the gestures and speed with which users type their passwords (for example) and then combine these with traditional biometrics to offer a more robust solution. These surely are exciting times for banks, customers and technology providers.