By Steve Viuker
Many years ago, in the days of catchy bank slogans, Chemical Bank’s was, “When Your Needs Are Financial, Your Reaction Is Chemical.” With an “eye” to the future, that slogan is once again relevant.
However, the “chemical” is now biometric technology, referring to the collection and use of biological data and behavioral characteristics. These next-generation identification controls are being used to combat fraud and make transactions more secure.
“I have mixed opinions about biometrics,” said Ben Goodman, founder of 4A Security & Compliance. “First, I find it remarkable that most banks allow consumers access to their accounts with a four-digit PIN that doesn’t expire, and in most cases hasn’t been changed in years. The hacks of the global SWIFT system show that banks stand to lose far more money in a single attack from vulnerabilities caused by their own poor security practices, than from lots of fraudulent account takeovers.”
Goodman notes that “when your credit card is stolen, you can call the bank and they’ll send you a new one. When your password is compromised, you can change it instantly. When your medical record is stolen, there’s nothing you can do about changing that. Same problem with biometrics in cybersecurity – you can’t just reissue your fingerprints if some bad guy finds a way to steal them.”
The technology is already a hit with certain segments of the population.
Baby Boomers Janice Chartoff and her partner, Steve Marshall of Herndon, Virginia are both users of the new technology. Chartoff uses the scan technology to access accounts at four banks: Citibank, Barclays, PNC and SunTrust.
“I always use the scans because I’m old and can’t remember passwords,” she explained. (She is 56.) Said the even older Marshall, “It’s much easier than typing on the tiny iPhone keyboard, and I don’t have to change passwords.” He uses it on his SunTrust account and says he’ll use it every time a website offers the option.
Some of the nation’s largest banks, acknowledging that traditional passwords are either too cumbersome or no longer secure, are increasingly using fingerprints, facial scans and other types of biometrics to safeguard accounts.
According to a recent New York Times article, millions of customers routinely use fingerprints to log into their bank accounts through their mobile phones. This feature is enabling a large percentage of American banking customers to verify their identities with biometrics.
Bank Banks Embrace Technology
Other uses of biometrics are also coming online. Citigroup can verify 800,000 of its credit card customers by their voices. USAA, which provides insurance and banking services to members of the military and their families, identifies some of its customers through their facial contours.
The Times reports many models of the iPhone have touch pads that can scan fingerprints. The cameras and microphones on many mobile devices are so powerful that they can record the minute details needed to create a biometric ID. The smartphones also provide an extra layer of security: Many biometric features will only work when used on the specific phone that belongs to the bank account holder. With some voice authentication systems, banks use certain prompts to prove it is a living customer and not a recording. Many eye scans require customers to blink or move their eyes to prevent a thief from using a photo to gain access.
Wells Fargo has been working with EyeVerify, a startup in Kansas City, Missouri, to develop its eye scan feature, which is being tested with a small group of corporate customers. The technology creates a map of the veins in the whites of an eye. To log into an account, a customer taps open a Wells Fargo app on a smartphone. When prompted, the customer’s eyes are lined up with a pair of yellow circles on the phone screen. If they match, the customer gains instant access to the account and can start moving money or conducting other transactions. For now, Wells Fargo is offering eye scans only to select corporate customers, for whom the stakes are arguably higher because there is potentially so much money involved.
Bank of America has embraced fingerprints. There are limits on how far an average retail customer can proceed through the banking process without a password. JPMorgan Chase customers can gain access to their bank accounts with their fingerprints, but have to use a traditional password to transfer money. It takes only about 40 seconds to capture enough information about a customer’s vocal patterns to create a voice imprint that can be used as a form of identification. Once a print is established, it can reduce the time that customers spend identifying themselves to a call center representative.
“The future will likely see a more widespread embrace of biometrics in authentication, for better or worse,” said Goodman. “Personally, I’ll deal with the inconvenience of having a bank card reissued, rather than use my fingerprint to pay for dinner.”