By Cyndie Martini
Biometric authentication is fast becoming an essential consumer offering throughout the financial industry. By 2025, biometrics in banking and financial services is expected to grow to $11.5 billion, as noted in a February 2020 report titled, 'Biometrics for Banking and Financial Services' by Research and Markets. It is certain that credit union members will continue to expect biometrics services as part of their debit and credit card services.
Biometric authorization uses an individual’s biological characteristics to authenticate transactions. Currently, voice recognition, fingerprint identification, and facial features are used for biometric authorization, most commonly on mobile phones. It’s slick, quick, and easy. It’s also safe because individual characteristics are unique for every individual. A numeric password might be broken through password algorithms generators. It’s much, much harder to mimic a person’s face, voice or fingerprint.
Biometrics can be implemented everywhere that passwords are required. Usage has already gone far beyond just mobile phones. They are used at ATMs, in branches, and through phone voice verification. There are obvious benefits, as consumers using ATMs and transacting in branches no longer have to worry about using, or losing, a bank card or other forms of identification. Biometric authentication provides access.
Cost Savings
Enhanced security and cost are the two main benefits of biometric authentication. Biometric authentication, while expensive to implement, has a lower long-term cost of operation and higher customer satisfaction than traditional password methods. Exact cost numbers in the financial industry are difficult to come by, but all industries face the same problems with passwords — they get lost. A 2018 report from CNN found Microsoft spends $2 million per month, helping people change their passwords. That is a real cost for both companies and customers.
The numeric password's days seem to be numbered. There's an urgency by many companies to install a more efficient authentication processes. Passwords still have a grip on the world, though. Many companies are requiring more complex, sometimes computer-generated passwords, which no one can remember. Worse, these long, complicated passwords are stored in keychains that are cumbersome and vulnerable, as there are a lot of fraudsters out there running a lot of codes to break into password keychains.
Your Vendor Is The Weakest Link
While biometrics offer more security, that can all be undone through poor security management. Suprema is a great example of this. As found by Vpnmentor in 2019, a Suprema biometric database was hacked. Fingerprint and iris scans were stolen because Suprema did not hash its data. You can use the best front-end technology that efficiently connects to the cloud, but if admins on the backend of the service aren't securing the data, none of it matters. Knowing your providers is as important as ever.
The Future of Biometrics
Delta Airlines is already using a controversial facial recognition authentication scheme for its customers, as reported by Business Traveler. Once a passenger's face is recognized, a ticket is issued. It's an extremely fast method compared to using kiosks or the airline's website. Using the facial scanner, the airline is able to shave off nine minutes when boarding a wide-body aircraft.
A new technology that will make biometrics more secure is liveness detection. This method detects whether the scanned object is alive or inanimate, which prevents spoofed fingerprints or irises from passing biometric authentication.
Biometric payment cards are already being tested by FIs. These cards have a built-in fingerprint sensor to authenticate the user, removing the need to use a PIN. Natwest, a U.K. bank, began testing its card in April, as reported in the Guardian.
Government Legislation
Currently, there are no clear federal guidelines from the government on how banks can use consumer biometric data. At the state level, only Texas, Illinois, and Washington have biometric privacy laws. When the authorities come calling to view an individual's biometric data, where will financial institutions stand? What's the protocol? Credit unions need to put plans together now to deal with and respond to such privacy questions.
Regulation hasn’t caught up with speed of biometric innovation. This puts heightened responsibility on banks and credit unions to put appropriate barriers around privacy. In this case, self-regulation may guide government legislation.
Here to Stay
Biometric authentication is here to stay. It’s an elegant, seamless solution to the password imperative. And it’s fast evolving. Credit unions should be ahead of customer adoption and ready when members inquire about or demand biometrics.
But financial institutions should be cautious of investing in biometrics. Using cloud-based biometric services, banks and credit unions can expect a fairly low cost of integration and ongoing management. Biometrics continues to move into any area requiring authentication. The rollout for credit unions can certainly be done in phases, reducing the overall impact of implementation.
Cyndie Martini has managed and directed successful credit union card and ATM portfolios, marketing programs and business strategies for over 30 years. In 1998, Martini spearheaded Member Access Processing’s entry into the card payment and ATM processing arena - the first and only credit union league, the Washington Credit Union League, nationally to resell Visa Debit Processing Services (DPS) as a “collectively” priced card processing solution. Martini has propelled this business model into one of the nation's leading CUSOs while fostering MAP's relationship with Visa, Inc. into a premier and exclusive partnership.