Answering consumer fears, Clayton Locke looks at the potential of biometric security.
In 1988, Robert Tappan Morris attempted to discover the size of the web and in the process unwittingly released the world’s first internet worm to spread virulently in the wild. By the time he’d realised his mistake, the Cornell University graduate student had infected 10 per cent of the world’s internet-connected computers; an unintended cyberattack that cost the US an estimated $10,000,000 in damages.
Whilst undoubtedly this virus inflicted major damage at the time, the costs were far below what we have grown used to thirty years later. In the last decade the world has become all too familiar with cybercrime – and the number of attacks continues to rise rapidly, with InfoSecurity reporting that cyberattack volumes doubled in the first half of 2017.
The issue of identity fraud is a clear and present danger for organisations and law enforcement alike. Cifas, a UK fraud prevention service, revealed that the first half of 2017 saw a total of 89,000 identity fraud cases reported, while crime figures showed that cyberattacks are now the most common form of crime, with an average of nearly 1 in 10 people falling victim.
Are Biometrics the Answer?
There is a clear rise to the consumer demand for banks to adopt forms of biometric verification. Nearly half of consumers (45 per cent) would rather access their online banking account using biometrics in the place of password verification. And whilst this technology has been adopted by some banks – HSBC, for example, has rolled out voice and fingerprint authentication for 15m of its customers – there is still a need for banks to do more.
When it comes to pushing biometric innovation into the mainstream, Apple are a force to be reckoned with. Having brought fingerprint recognition to the smartphone, they are now abandoning the technology in favour of another, more future thinking security measure: facial recognition. Combining its new front-facing camera with improved facial scan technologies, it appears that iPhone X has finally cracked the code on biometrics. It is fast, built on a neural engine chip, and works in the dark using infrared. Face ID is a ground-breaking development and represents a seismic shift in the application of biometric tech.
The Future of Security
Most importantly, Apple’s movement in the market means that not only are biometrics here to stay, but security, as we know it, is going to fundamentally change.
Critically, the change will come through a more nuanced use of progressive security. To explain, progressive security frameworks protect our applications and data by adjusting the security requirement according to the level of risk associated with each action. Looking at your account balance on your phone, for example, is a reasonably minimal risk and therefore doesn’t require much authentication. On the other hand, transferring a £1000 payment is a much higher risk, and therefore needs the user to follow more stringent measure to prove their identity.
Right now, our industry thinks in terms of binary factors of authentication. However, with the iPhone X Face ID service, authentication is not a binary choice. Instead, when it scans a user’s face it will return to the app an authentication factor between 0.0 and 1.0. The closer to 1.0 the better the match and if it is close enough, the phone will unlock. There are now shades of grey in the authentication factor and organisations must be ready to deal with this.
Crucially, with Apple now making this biometric technology so easily available, it will be reprehensible for financial institutions to ignore the security applications. Banks now have a duty to utilise biometrics to better protect their customers. And with the imminent enforcement of GDPR, you can almost guarantee that companies will be punished for failure to properly invest in this technology.
The Potential of Biometric Authentication
Whilst there’s no denying just how innovative and ground-breaking Face ID is, there are many other developments in biometric technology that can be woven into Financial Services. Voice recognition, both for authentication and as a human-computer interface, is growing in leaps and bounds. The benefit here is that identity challenges don’t get in the way of the interaction, they disappear behind the user experience.
Similarly, the use of machine learning and behavioural biometrics is growing. Here an analysis of how a person uses the keypad or navigates through an application provides a level of identity verification and fraud detection. Intelligent Environment’s recent project with Queen’s University Belfast has demonstrated the potential for behavioural biometrics within a digital banking platform. A similar design is due to be implemented as a form of authentication for Google’s Android smartphones,
Looking further ahead, our unique physiological signatures can be measured in the background by cardiac-scanner biometrics – a sensor that looks at cardiac measurements and heart shape. A prototype of the scanner is due to be presented at this year’s Mobicom, the International Conference on Mobile Computing and Networking. This technology will soon be embedded in keyboards, mobile phones and airport scanners.
An Opportunity for Banks
Though steps are being made to integrate biometric authentication, there is arguably more that banks should be investing in now to protect their customers in the future. New behavioural biometrics technologies are in the pipeline, including advanced systems to detect cybercriminal activity, and financial services firms should be at the forefront of investing in the development and improvement of these technologies.
The business case for investment in these advanced technologies should include the benefits that would be returned to the real victims of cybercrime: the banks’ customers.