Biometrics for banks: identity protection and regulatory compliance

Face AuthenticationIdentity authentication based on biometric matching continues to grow along with consumer acceptance in both private and public sectors. Biometrics, the unique physical characteristics that all human beings have, include fingerprints and iris scans, as well as facial and voice matching. These modalities can all be used – to various extents – to clearly identify and/or authenticate the identity of an individual. Where passwords and PIN numbers were once our primary security option, our own physical uniqueness has begun to transform the way we interact with our online world.

Once the domain of law enforcement only, biometrics will continue to grow in acceptance in commercial markets. Key to this acceptance and growth is the onboarding process – or the initial biometric capture process. An example is the growing number of traditional financial institutions who now request that new customers add one or more biometric characteristic during registration. This biometric could be a fingerprint, a voice sample, or an image of the customers’ face. These unique characteristics become part and parcel, then, of the customer’s interaction with the financial institution. Instead of entering a password, the user repeats a phrase (voice) or takes a selfie (face). Passwords can be lost and stolen. Faces cannot.

As well as offering convenience and security for consumers, biometrics also assist institutions with compliance to government regulations including Know Your Customer (KYC). KYC is the process of certain types of businesses verifying the identity of their client base – both new and existing. (The term also refers to the federal regulations that govern these activities.)

Identity documents can be faked. Identities and Social Security Numbers are widely available for purchase on the dark web. This information can be used to repeatedly craft phony identities for fraudsters and terrorists to create new access. The addition of a biometric, however, changes the game. Once that unique physical characteristic is attached to an identity, it becomes extremely difficult for the new identities to be forged.

Here’s how: In the onboarding process, a new client will be asked (for example) to add an image of their face. A photograph is take via existing devices such as a smartphone, and that photo is added to the customer database. That photo can then be checked against all existing photos to determine if the same individual is trying to enter the system with a second identity. That’s an immediate red flag for the bank, and certainly worthwhile investigating.

That said, the benefits for financial institutions and other commercial organizations are well understood. What about the consumer, though? Why would we agree to add an image of our unique physical characteristics to our personal accounts? There are actually several reasons why we would:

First, there is the convenience factor. Typing in long, multi-character passwords on a small smartphone keypad is much more difficult than entering a short PIN and taking a selfie. Also, as human beings we quite often forget our passwords. Our face is just always there.

Moreover, having a biometric tied to our personal accounts makes it much, much harder for fraudsters to take over our accounts. Our passwords can be stolen or guessed, and account takeovers are commonplace. Our biometrics are difficult to fake, but liveness detection measures are warranted. This makes our accounts more secure, more hack-proof.

So, the benefits of biometric authentication are clearly understood for both business and consumers. These benefits begin, as stated, with the onboarding process. In coming months and years, using your voice or face to transact online will become mainstream, particularly with younger “selfie” generations who are much more willing to trade the capture of a biometric for enhanced safety and convenience in transactions.

Share on LinkedInTweet about this on TwitterEmail this to someone
By | 2017-03-24T12:46:59+00:00 January 12th, 2017|

About the Author:

Doug is responsible for Aware’s business development and sales to domestic commercial markets, with particular focus on FIDO® Suite and Inquire™ software products for biometric authentication and identity resolution, respectively. Doug has over twenty years’ experience marketing and selling enterprise software solutions worldwide, with extensive background in data technologies and identity resolution, and deep knowledge of the fraud and compliance markets for banking, retail, and other markets. Doug is a member of the Association of Certified Fraud Examiners (ACFE).