Cybercriminals make billions of dollars each year preying on naïve users and vulnerable businesses. Individual attackers, criminal bands, and state actors seldom rest on their laurels; greed drives them to constantly improve their attack strategies. That’s why it is incumbent upon companies to engage in an arms race with the bad guys and stay ahead of the evolution of cybercrime. Hackers are constantly probing vulnerabilities to evade current security practices, and companies need to innovate to make sure they are always one step ahead of the fraud attacks that aim to steal money from customer accounts.
One of the most promising tools in the fraud security arsenal is biometric authentication technology.
Biometric authentication uses the unique physical characteristics of a person to confirm that they are who they say they are, and is being increasingly used to confirm online purchases, payments, and bank transactions. Biometrics are poised to change online banking and e-commerce in the following ways.
The Decline of the Password and Other Legacy Factors
The password is the first line of defense for banks and companies that do business online, but it has always been an imperfect anti-fraud approach. Passwords can be circumvented by phishing attacks that use social engineering to trick end-users into divulging their login credentials to cybercriminals. There is another problem: with their multiple bank accounts, email accounts, and numerous online retailer and social media accounts, the modern internet user has to memorize the passwords of 92 accounts on average. Biometrics promises to remove the need for memorizing multiple passwords and the unsafe practice it breeds – password recycling – which can leave users vulnerable to having their accounts hacked.
The password will be joined in obsolescence by other outdated authentication methods, such as SMS-delivered one-time passwords, which are unencrypted and prone to interception. The US National Institute of Standards and Technology (NIST), a division of the Department of Commerce that creates national guidelines for secure electronic communications, declared SMS authentication too risky in 2016, saying that it should be replaced with other, more dependable authentication methods. Biometrics removes the need to depend on mobile telecommunications networks that operate outside the perimeter of a bank’s cybersecurity controls.
Remember those bank-issued random-number-generating tokens commonly carried on a key ring a decade ago, which displayed a number that was then used to verify a transaction? Those key fobs were compromised various times in large-scale phishing attacks where cybercriminals simply intercepted the numbers they generated in addition to capturing user passwords. Bank customers were also unable to perform any transactions when those tiny tokens were lost or stolen, which obligated financial institutions to bear the cost of issuing new ones. Fortunately, biometric authentication doesn’t require users to memorize complex passwords or carry something around with them everywhere they go.
Less Friction, More Convenience with Mobile Authentication
Customers want security, but if they have to jump through too many hoops to get a security solution, they won’t adopt it. There is a balance that needs to be struck between highly secure transactions and a low-friction user experience. There will never be truly friction-free online financial activity that is also completely secure, but bank transactions and e-commerce can be protected with biometric authentication methods that are easy for customers to integrate into their banking routines.
Customers are already accustomed to carrying their smartphone wherever they go, and most new models have the technology to enable biometric authentication: fingerprint scanners, voice recorders, and cameras make biometric authentication easy for customers to perform. For example, customers can receive a message through their banking application asking if they would like to confirm a recent transaction, and then apply their fingerprint to the scanner on the phone to verify the activity.
It is not just cybercrime that is compelling banks to modernize security: the financial industry is on the cusp of massive disruption, and institutions must innovate to keep business humming. Customers who know they are protected by simple, hassle-free authentication feel more secure, perform more transactions, and use more digital services, which has the pleasant side-effect of helping banks make more money.
The same biometric authentication technology that can make transactions more secure can also lead to innovation in how banks deliver financial services to customers, leading to product offerings that better reflect the way customers use mobile devices as their primary access point for navigating through a wide variety of life events.
To learn more about biometric authentication, take a look at our page on DetectID.