BID Daily Newsletter
July 21, 2017

Good vs. Evil & Multi-Layered Biometrics

We searched Google for the word "good" and got back 6.8B results. We then repeated the process for the word "evil" and got back only 609mm results. We were quite pleased to see that Google's algorithms are so smart that good wins out in the battle vs. evil. As with all things in life where this battle is occurring, good bank technology teams have also been fighting to beat back the evildoers out there in the cyber world. In this fight, some are turning to the field of biometrics.
Today, most banks safeguard customers' sensitive data with passwords, but a growing number are experimenting with biometrics. These processes use iris scans, fingerprints, face recognition or voice recognition, to name a few, and are considered a good way to verify a customer's identity. This is particularly true since passwords are often shared, common, easily stolen and easily hacked. Body parts, on the other hand, can't be so easily replicated. Because of this, biometric technology seems to hold significant promise for data security within banking. But, as recent events have shown, biometric technology is not infallible, so banks still need to keep moving to keep their systems safe.
First, consider the successful efforts by a BBC reporter and his non-identical twin brother to fool HSBC's voice recognition software. A few months ago, the twin was able to mimic his brother's voice and gain access to his banking account. This wasn't an example of criminals trolling for unauthorized access and doing grave harm, but it nonetheless highlighted the vulnerabilities of voice recognition software. It is a warning signal to other banks that use voice recognition technology that this is still in its relatively early days, so additional protective measures are needed to sufficiently protect customer information.
Next, consider how the iris recognition system of the new Samsung Galaxy S8 was successfully penetrated by The Chaos Computer Club (CCC). This group is dubbed Europe's largest association of hackers. According to a spokesman for the group, whoever has a photo of the smartphone's legitimate owner can easily mimic the owner's iris and gain unauthorized access to the phone. This gets them into mobile wallets and perhaps even bank accounts. This isn't the first time the CCC has cracked biometrics security, as the group previously managed to defeat the fingerprint sensor on Apple's iPhone.
These recent biometric breaches highlight the need for banks to implement multiple layers of security. Indeed, no single solution is all-encompassing and nothing is a panacea when it comes to fending off evil players. That is why experts will tell you to use multifactor authentication, which requires a user to provide at least two types of authentication. This can include a password, biometric data, mobile phone or token. Nothing is infallible, but using multiple locks can help keep customer data safe.
It's especially important to keep these lessons in mind as the allure of biometrics is being propelled by the proliferation of smartphones. A recent study by digital security company Gemalto found that 48% of consumers expect a mobile device to become their primary form of identification by 2025 as a result of biometric technologies.
What's more, consumers are demanding that banking apps employ biometric technology. A whopping 79% of bank customers want biometric authentication beyond the fingerprint in their mobile banking and payment apps, according to a new survey by biometric technology company EyeVerify. Further, 42% of consumers polled said they now refuse to use mobile banking or payment apps that don't have biometric authentication.
Given all of this, it is very likely biometrics will become an even more important part of bank security in the future. Even so, we caution bankers to keep monitoring things to stay on top of shifting risks and technologies.