Biometrics project studies ways to combat bank fraud

Industry consortium launches effort to see how biometrics could improve customer authentication and battle identity theft. Analyst says iris scanning at ATMs holds potential.

An industry group recently launched a project to analyze how biometrics could strengthen customer identification and help thwart fraud.

SearchFinancialSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The Financial Services Technology Consortium's (FSTC) biometrics initiative aims to provide banks with a better understanding of the current state of biometrics and how the technology could make it harder for fraudsters to steal someone's identity or take over accounts, said Dan Schutzer, FSTC executive director. Banks have been piloting biometrics, he said.

"It's clearly the third companion for stronger authentication: something you know, something you have, and something you are," he said.

FSTC, based in New York, is a group of North American-based financial institutions, vendors, research organizations and government agencies. Its members include Citigroup Inc., Wells Fargo & Co. and JPMorgan Chase & Co.

Biometrics:
Pros and cons of multifactor authentication technology for consumers: Multifactor consumer authentication is a must-have for financial services firms, but there are a number of different types of multifactor authentication technology.

Emerging themes in identity access management: During these tumultuous times in the financial industry, your organization's identity and access management efforts need to be stronger than ever.

The project will look at the various types of biometrics, their cost and performance, and what applications they could best be applied to, Schutzer said. The technology will be analyzed for its use online, in call centers and in retail branches.

"It's a fairly complex subject. Different biometrics are better suited for different applications and channels," he said. For example, voice biometrics would be the natural candidate for improving authentication in a call center.

The initiative will also explore the possibility of a shared database with biometric data of known fraudsters, which could help financial institutions prevent both insider and external fraud, Schutzer said.

Cost and maturity concerns have been holding banks back from deploying biometrics, he said.

"Customer acceptance is tremendously important," he said. "You want to make sure you're adding convenience as well as security for the customer, so they're more likely to pick up on it. If you make something too hard and too onerous, they won't want to do it."

Mark Diodati, a senior analyst for identity management and information security at Burton Group, said U.S. banks have steered clear of biometrics.

"It's simply a non-starter in the online retail banking space," he said. "The reason is that consumers absolutely refuse to use a hardware-based authentication mechanism and if they refuse to use a one-time password device, which is portable and doesn't install any client software, you can bet they really don't want to use biometrics."

Not only will a biometrics system require the installation of software, it also will likely mean hardware troubleshooting in order to work, he said.

Iris scanning has some potential for ATM use, but banks are still a long way from deploying it, Diodati said.

"There's not only a technology problem with that, but a huge process problem," he added. "How are you sure the biometric sample actually belongs to the person you think it does?" Such a system would require some identity proofing that would bind the user's identity to the iris template, he said.

Banks are also reluctant to use biometrics internally, favoring either one-time password devices or smart cards for employee authentication, Diodati said. One sector where biometric authentication systems have been deployed is healthcare, he added.

Dig deeper on Secure user and consumer authentication methods

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

ComputerWeekly

Close