We often say no product or solution is a “silver bullet” for fraud. In order to fend against the rich mosaic of cyberattacks threatening organizations, multi-factorauthentication is the bare-minimum for secure online banking.
For financial institutions seeking to provide safe online banking, while biometric authentication technology strikes the perfect balance between a convenient user experience and security, relying on a single type of end-user authentication has proven to be highly ineffective.
Secure, But Developing Technology
Biometrics has been dubbed as the latest and greatest cutting-edge framework for protecting online transactions and strengthening end-user authentication. But their use in securing banking is relatively new, and there are weaknesses to using this method as a single-factor authentication system.
For example, although biometric security is beneficial because it can be hard to duplicate and is generally held in high regard by consumers as a strong security form factor, it can be relatively easy to steal or circumvent. Every day, we touch objects, speak in public and post our pictures on social media, effectively giving away our “biometric secrets.” Once biometric data is compromised, it is impossible to replace.
Weapon for Winning Customers
Companies should not forego the benefits of biometric security. On the contrary, those who do not look to make use of these new factors will lose a competitive edge. Perhaps one of the strongest features of biometric security is how easy and ‘friction-free’ it is for customers to use – much more so than other authentication methods. This is especially crucial for the most important emerging consumer demographic – the millennials – who have come to expect the convenience and instant gratification that comes from shopping and banking through their smartphones.
Institutions capable of balancing security while also providing simple, convenient authentication strategies, will succeed at attracting and retaining customers. Imagine having to tap in a random number (one-time passcode) and then take a selfie photo (facial recognition) to make an online payment. Who wouldn’t crack a smile? The user experience is as valuable to your customers as security is.
How Can Biometric Features Be Leveraged Without Providing Opportunities for Fraudsters?
First off, they should be augmented by an additional layer of security. The additional methods, such as behavioral analysis, can also be used to provide an environment in which biometrics can perform well. By making note of how and where a user is making a transaction, a risk-measurement approach can be taken – if the transaction is risky, then biometric security could be triggered to verify it. The same approach could also be employed via device analytics.
For example, a user making a transaction from a known, clean, registered device at home would be a prime candidate for authenticating themselves by face or voice. But a user logging in from an unknown device that is infected by malware and in a different country, will need to be authenticated differently.
While biometrics, coupled with other forms of anti-fraud security, are much more secure than passwords, they also need to be integrated as a suite of solutions that effectively communicate with one another. There may be a temptation for some organizations to approach a stand-alone biometric vendor to integrate the technology into their native mobile apps quickly and then promote themselves as cutting-edge. But doing so runs the risk of overlooking additional form factors that need to run alongside biometrics, because any additional third-part security measures may take too long to get out the door.
At face value, this logic might make sense, as consumers will only see the biometric part of the security, and not necessarily all the underlining security in the background. But as mentioned above, a hacker who got wind of this might see it as an opening to exploit the inherent vulnerabilities of a stand-alone biometric security strategy.
Biometric authentication should be thought of as a strengthening pillar of anti-fraud protection, but not a central security component.
The technology is not meant to replace existing user authentication systems. Biometrics used in tandem with other kinds of protection, result in a solid, multi-layered protection strategy that is difficult to crack, even for the most elite cybercriminal.
To gain more insight into convenient user experience paired with strong security, click here.