Strengthening Financial Security with Biometrics

Technology is evolving faster than ever, sprouting new business models and paving the way for the rise of fintech companies like Robinhood, PayPal and Coinbase. In addition to disruptions to traditional business models, emerging technologies are also optimizing the way traditional work gets done. One trend that’s gaining particular traction in financial services is biometric identification systems. According to a study by Grand View Research, the market size for biometrics is expected to reach $24.59 billion in the next six years and a lot of the growth will come from banks.

Biometric authentication is being used to strengthen – or in some cases completely replace –  outdated legacy passwords, tokens or swipe cards. With increasingly sophisticated techniques used by hackers, adopting biometric technology is no longer optional for banks and financial institutions, it’s an operational imperative. The good news is, the technology is a welcome upgrade by end users. According to a recent MasterCard study, users believe biometrics are more secure and convenient than passwords, and are willing to adopt biometrics to replace existing password-based authentication.

The benefits for financial services companies seeking to adopt biometric authentication is twofold, as it serves to protect the security of the business while enhancing the user experience for customers and employees alike.

How it Works

As flexibility and immediate access are demanded by the mobile workforce, most IT departments are facing increasing demand on their time due to legacy systems, new regulations, and the ever-increasing frequency and inevitability of security breaches. A root cause of breaches is that employees continue to rely on weak passwords and often fall prey to phishing attacks.

Enter biometrics. One thing that we never forget is our mobile phone. A natural transition is using your phone as part of an authentication platform. As a result, many financial institutions across the globe are investing in mobile biometric authentication for their employees and customers. Users are offered a choice of which biometric to use: fingerprint or facial recognition. One look or touch on their mobile device and they are able to prove their identity and receive immediate access to networks, accounts or applications with a single-step.

Biometrics in Financial Services

Biometrics represent a brave new world in client security and identity. Here are some use cases specific to financial services:

• Regulatory Compliance – As regulators work to catch up to technology, many new standards or laws have been implemented to protect personal identity and strengthen security. For legislation such as GDPR and MiFID II that require increased transparency – biometrics have proven to be an effective way to set up a foolproof audit trail of explicit authentication that can’t be duplicated. Furthermore, biometrics are an attractive option for European banks as they navigate compliance with PSD2 and the requirements for multi-factor authentication. Another interesting regulation is the New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies, which requires affected entities to use biometrics as part of an MFA solution. The final round of compliance deadlines for the latter is coming up fast — March 1, 2019.
  
  
• Mobile Banking – Using our phone for banking has become second nature. In fact, we’ve even seen the rise of mobile-only banks, such as Amsterdam’s bunq. When paired with biometric authentication, mobile banking helps extend financial inclusion for the unbanked or underbanked who may not have a credit history or permanent address to verify proof of identity. Thanks to biometric authentication, customers can sign up for accounts in less than five minutes with no paperwork or need to travel to a brick and mortar branch. 
  
  
• High-value Trading – Biometrics provide legal non-repudiation to significantly reduce trading fraud. If a large trade moves in the wrong direction, a trader can say, “it wasn’t me, I didn’t make that trade. Someone must have done it from my terminal.” To eliminate this risk, investment firms can use biometrics to authenticate both the trader and the trade. By implementing biometrics firms can create electronic records of every account session including the person, their IP address and the time of the transaction – leading to a reduction in fraudulent trading.
  
  
• ATMs – A number of financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using nothing more than their mobile phones. But this also creates an avenue for fraud. Thieves have figured out how to subvert these machines through phishing attacks, stealing money from people without accessing their bank cards. While convenient for customers, these machines are very insecure. Ultimately, passwords and PINs aren’t enough to protect people. To solve for this, ATMs are including biometric authentication and requiring users to prove their identity by fingerprint or facial recognition in order to access funds.

When asked why he robbed banks, the infamous bank robber Slick Willie Sutton said, “because that is where the money is.” Financial institutions continue to be attractive targets, and technology has increased the avenues adversaries can use to infiltrate these organizations. Financial executives understand the importance of developing innovative ways to protect the privacy and financial assets of their customers.

Financial services providers also need to consider their clients’ expectations for a frictionless experience. Mobile apps and online services are now the key points of customer interaction for financial institutions. Whether you’re using an ATM, a mobile banking app or issuing a high-value trade, the rising expectations are the same – customers and employees of financial institutions expect a high level of service from digital channels, including improved convenience and security.