How biometric authentication can increase mobile banking security

Senior Business Analyst and Financial and Banking IT Consultant, ScienceSoft

“Despite storing large amounts of personal information on their devices, most people don’t implement even the most basic security countermeasures on their smartphones.”

Limor Kessem, executive security adviser at IBM Security Systems

With emerging cases of mobile banking fraud, banks have to ensure the ultimate protection of sensitive customer data with cutting-edge technology. Our experience in banking software development proves that biometric authentication can become an effective information security measure for banks.

Biometric authentication in mobile banking

About biometric authentication

Biometric authentication is a technology that analyzes individuals’ biological and behavioral traits to automatically recognize and verify their identity and provide access to the system (e.g., online or mobile banking). Examples of physiological characteristics include fingerprints, iris, retina, face, vein patterns, and even ear structure. Behavioral methods analyze a person’s voice, typing rhythm, gait, gestures and other traits.

Why use biometrics in banking

The future of biometric authentication technology looks rather promising, as the number of mobile devices with biometric capabilities constantly grows [1]. Besides, a new study by Grand View Research estimated that in less than a decade the global biometrics technology market would exceed $59 bn [2]. Apart from the market trend, several reasons exist why banks should take advantage of biometric technology:

1.    Passwords are no more reliable

While passwords remain the most widely used means of ensuring customers’ security, 95% of web attacks make use of stolen passwords [3]. Most often, these attacks happen because of a human factor, since the majority of customers pick insecure passwords with predictable layouts or create complex ones that they can remember only with the help of hints. Such customers can become easy prey for hackers, which in its turn becomes a serious weak point in the overall bank’s security system.

2.    Customers have high security concerns

Though the majority of banks have lately heavily invested in mobile banking development, the adoption rates of the new service are not as expected. As the latest statistics show, currently only 43% of mobile phone owners with a bank account use mobile banking. The main reason for this lies in customers’ concerns about mobile banking security. According to a recent Federal Reserve study, 73% of customers don’t use mobile banking, and 67% are reluctant to embrace mobile payments because of this reason [4]. Thus, biometric authentication has all chances to become a convincing proof of high security standards for mobile banking apps.

3.    Customers appreciate biometric authentication

Since Apple introduced its Touch ID and Samsung developed its fingerprint scanner, using physical characteristics as a form of authentication has become more acceptable among customers. In fact, the joint research from Iovation and AiteGroup revealed that 85% of respondents wish to replace passwords with more advanced authentication methods [5].

Biggest banks form the biometrics technology trend

Major banks appraise new authentication possibilities as a perfect chance to improve both security and customer experience.  For example, Wells Fargo introduced a new mobile banking feature that allows corporate customers to log into their accounts using eye-scanning technology. With this novelty, financial managers can monitor cash positions, wire money, fund payrolls and do other activities without the need to authenticate with the previously used security tokens.

Citigroup partnered with a fintech company NICE to deploy voice biometrics authentication. The bank uses voiceprints to automatically verify customers’ identities while they explain the reason of calling to a customer service representative. With this technology, the bank’s employees can skip the recurring set of questions to prove a customer’s identity.

Instead of voice analysis, Bank of America introduced fingerprint-scanning technology. Since its launch in September 2016, about 33% of the bank’s 20 mln. mobile banking users embraced the new authentication method to log in their accounts.

However, some banks still stay more cautious and set a limited number of financial activities that customer can do without a password. For instance, JP Morgan Chase’s customers log in their mobile banking apps with fingerprints, but use a password for digital money transfers.

How to ensure high-level security with biometrics

No doubt, biometric methods aren’t flawless, which results in certain limitations of their practical use. For example, the quality of face recognition depends on the light conditions or a customer’s aging. As for fingerprint authentication, the recognition rate can decrease in case of a finger injury or mere dirt on it. In case of voice recognition, a customer’s illness or extraneous noise may affect the authentication process while iris scanners may not work with colored contact lenses.

Besides, there’s always a slight chance that hackers get a biometric template to penetrate the system. In this case, a bank can consider additional security measures. For example, an eye scanner can require customers to blink or move their eyes to prevent a hacker from using someone’s photo.

Final note

Though biometric authentication doesn’t ensure 100% effectiveness, it’s currently far more effective than passwords alone. And if banks combine the commonly used passwords with biometrics, they can bring in a two-factor authentication system that is now considered the most secure method to prevent data breaches in the banking industry.  

 

References:

  1. Lee, J. (2017). Biometric authentication to be used in over 600M mobile devices by 2021: Juniper Research. [online] BiometricUpdate. Available at: http://www.biometricupdate.com/201611/biometric-authentication-to-be-used-in-over-600m-mobile-devices-by-2021-juniper-research [Accessed 20 Jul. 2017].
  2. Global Biometrics Technology Market Size | Industry Report, 2014-2025. [online] Available at: http://www.grandviewresearch.com/industry-analysis/biometrics-industry [Accessed 20 Jul. 2017].
  3. Chuvakin, A. (2015). Highlights From Verizon Data Breach Report 2015. [online] Gartner. Available at: http://blogs.gartner.com/anton-chuvakin/2015/05/18/highlights-from-verizon-data-breach-report-2015/ [Accessed 20 Jul. 2017].
  4. Consumers and Mobile Financial Services 2016. (2016). [ebook] Washington, DC: Board of Governors of the Federal Reserve System, pp.2-13. Available at: https://www.federalreserve.gov/econresdata/consumers-and-mobile-financial-services-report-201603.pdf [Accessed 20 Jul. 2017].
  5. Conroy, J. (2017). Moving Beyond the Password: Consumers’ Views on Authentication | Aite Group. [online] Aitegroup.com. Available at: http://www.aitegroup.com/report/moving-beyond-password-consumers%E2%80%99-views-authentication [Accessed 20 Jul. 2017].

 

Searching for A-class mobile banking developers? We create award-winning mobile banking apps that improve customer experience and ensure cost savings.