While they roll-out biometric options for clients, banks need to weigh parameters including accuracy (FAR/FRR), speed, social acceptance, verification vs identification, barriers to attack and ease of deployment. For instance, a private bank that has very high security threshold for their high net-worth clients may opt for Iris instead of fingerprint or voice, even though Iris may score low on ease of deployment or social acceptance.
Often, we do not see banks restricting to just one biometric option for their clients. Based on the transaction risk, they may opt to mix and match the options by requiring only the fingerprint to login but asking for a combination of Iris and voice to initiate a large dollar transaction (multi-factor).
An inflection point
Biometrics in banking is at an inflection point with improvements in technology on an almost daily basis, making it an extremely compelling option for both banks and their clients. While banks have choices to make in terms of routes to pick (facial, voice, Iris, fingerprint etc.), uni-factor vs. multi-factor, they also need to decide on the preferred implementation options that could be in-house, cloud-based or a combination of both with the data being in-house for security reasons. We also believe that biometrics will eventually move from external body traits to internal traits like heart rate or vein recognition that offer higher level of security cover. Then there is the option of behavioral biometrics that looks at the gestures and speed with which users type their passwords (for example) and then combine these with traditional biometrics to offer a more robust solution. These surely are exciting times for banks, customers and technology providers.