For as long as many of us can remember, banking security has mostly been the same. Since the arrival of Chip and Pin, if you want to use your bank card to make payments, withdraw money, or in any way want to access your account, you pop in your PIN or password, and away you go.
However, while security has been this way for some time, it seems as though times are slowly changing, especially with the introduction of biometric security. Now, there’s no denying that biometric security has come a long way over the last few years, perhaps almost for a decade. While it may feel like the stuff of futuristic sci-fi movies, it’s undoubtedly becoming mainstream.
After all, the chances are you probably use biometric technology in your day-to-day life, especially when it comes to using our smartphones and tablets and the fingerprint sensors used to unlock them and complete specific security tasks. You may have also seen the introduction of face and eye scanners in certain high-security buildings.
So, with biometric security features such as things becoming more and more accepted by the general public, the question remains, is this kind of security going to be used for banking purposes, and how would this change things up? Let’s find out.
What actually is biometric authentication?
The process of passing a security check and determining someone’s identity is known as authentication. Whether you’re using a password or PIN code, this basically means the system is checking to make sure you are who you say you are. Someone certifying that they are the genuine cardholder making a payment, for example.
- Something that the user is aware of, such as a PIN or password.
- The user owns a physical object, such as a card, a token, or a mobile phone.
- Something a user is — or, to put it another way, a biometric property.
Authentication of payment transactions is usually done using the coupled methods from the first two categories. However, the use of biometric traits, which fall into the third group, has no doubt become more viable over recent years, significantly since the technology is improving.
But what’s actually included under the umbrella term of biometric security? Typically, it includes physical and behavioral aspects of the person. Such physical characteristics include fingerprints, iris patterns, and facial traits. That’s because these are innate and can rarely be changed on a day-to-day level.
This is in comparison to someone’s behavioral factors, such as keystroke dynamics and cursor motions, which are tied to the user’s behavior patterns and easily be replicated or copied.
However, one crucial difference you need to know between biometric and other authentication methods is that biometric approaches must take probability into account during the authentication process.
A PIN or password provided by a transaction participant is either correct or incorrect. However, a biometric scan of a fingerprint, for example, will typically just provide a likelihood that the authentication is correct. That’s because there are so many variables, such as dirt or gloves on a fingertip or a new scar on someone’s face, thus changing the innate quality of the security measure.
This undoubtedly presents some difficulties, particularly in payment transactions, where authentication failures might result in financial losses or chargebacks. What’s more, the arrival of technology such as deep fakes, which could potentially replicate someone’s face in a more-than-accurate way.
How biometrics will affect the banking industry?
Of course, at this point, we can only guess and theories about how this technology is going to change things. We never know what technologies are going to launch over the next few years or what kind of changes the world will see, but using the information we have, we can always come up with some accurate ideas to get us all to the best possible start and to help us prepare for what’s to come, as well as addressing any foreseeable issues before they become problems.
Biometrics will play only a modest role in the authentication of card payments at the point of sale in traditionally card-based payment markets with existing payment infrastructure. This is perhaps the most logical way for biometrics to be used in the modern world.
There’s just no need for it when these existing security and authentications features are already doing their job. That being said, it might be nice to use, say, fingerprint scanning, to quickly pay for small items, say anything $50 or below.
This way, you could quickly pop into a queue and pay without having to wait, which could massively save time in fast-paced retail environments. But it is really needed, and is the investment needed to implement such technology worthwhile?
Biometric authentication would require a huge investment in new technology, either at the point of sale (e.g., installing a camera for face or iris recognition) or in the cards themselves (e.g., by issuing cards with an embedded fingerprint chip).
What’s more, fraud losses are relatively minor when compared to the expense of such technology. As a result, merchants and card issuers appear unlikely to justify such an investment.
There’s also no reason to believe that consumers, both private and commercial buyers, would be willing to pay for biometric authentication.
Over the next years, the rising use of biometrics-enabled devices (e.g., smartphones) and the ultimate goal of providing a consistent user experience across channels would encourage the use of biometric authentication for payment transactions.
There’s absolutely no denying that mobile payments are gaining momentum among consumers and have rapidly become a part of everyday life. This has simultaneously encouraged biometric authentication in the process, and if this is what market forces like, this is what the market will need to provide.
This is because so many current mobile devices can analyze biometric features, such as using cameras, fingerprint scanners, or microphones for speech recognition. Biometric authentication is also used to unlock phones and computers, as well as to authenticate actions.
Biometric characteristics can be used to augment or replace existing authentication methods, such as PIN, when executing financial transactions at the POS at no additional cost and with improved convenience.
Of course, it’s important to think about how biometrics could be used to also make remote payments. Right now, biometrically equipped devices, such as smartphones, tablets, and laptops, are being used to conduct an increasing number of remote payment transactions, so it would only be natural that biometrics would have a place there.
Biometrics as a direct account link will only be applicable for POS payments in a few select markets, such as those with no existing mainstream payment networks or infrastructures. This will also apply specific closed-loop cases.
Don’t let this confuse you, and instead, let’s break it down. Biometric features can serve as both an authentication factor and a direct link to a payment account, effectively replacing the card as a payment medium.
Using biometrics in this way typically means that the installation of dedicated biometric payment gear is essential. This would include technology such as palm scanners or facial-recognition cameras. These are techn9ologies that are already being used in the payment system world, especially in the US.
These technologies are anticipated to have limited potential in developed payment markets because of their high cost, but of course, there’s always the chance that a new product or more affordable service is created over the coming years.
Closed-loop systems, such as those for events, festivals, individual merchants, or cafeterias, are likely to see an increase in biometric authentication use cases. Biometric authentication would be a way to improve the customer experience, as most of these require a distinct hardware infrastructure anyhow.
Liquid Pay in Japan is one example of this category. Tourists can use their fingerprints to pay in participating stores after having their fingerprints, passport, and credit card information registered at their hotel.
In the future world of payments, biometric authentication will undoubtedly play a big role, but it’s uncertain how big or small this part will be. The chances are that biometric authentication remains unrequited in traditional card-based payment markets but will continue to expand in the industries of mobile technology. Alternatively, in infrastructures that don’t have a card platform, biometric technology could be massive.
Legal and regulatory actions will also encourage the adoption of biometric authentication as a means of bolstering payment system security. In Europe, for example, there is a regulatory drive for robust customer authentication techniques.
While biometric authentication is unlikely to completely replace PINs and passwords in the near future, it will become an essential part of a broader range of authentication techniques. The authentication techniques utilized for each payment will be determined by the nature of the transaction, the risk of fraud, and the buying channel.