Any authentication method that gains in popularity will become a bigger target for hackers.
Eventually, mobile banking and payment apps will offer multimodal (and multi-factor) authentication for consumer and business customers. While this may bring additional security, the challenge will be avoiding additional customer friction. Multimodal biometrics, or a combination of biometrics such as facial and voice recognition, can offer a means to provide extra security to customers without requiring additional work on behalf of the customer.
While some of the use cases listed above for banks to implement biometrics are already available in the market today, some are coming soon. Biometric technology is evolving, and we expect to see the banking industry continue to keep pace to meet evolving customer expectations around convenience and security. It’s guaranteed that biometrics will be a vital part of banks’ digital transformation.
As banks and other card issuers adopt new technologies to progress their own digital transformation journeys, there are other ways biometrics can be implemented to remove customer friction by enhancing identity security for payments and other financial services.
Customers do not like friction in the user experience. Implementing biometrics to replace passwords is a step in the right direction to creating a seamless experience, but some banks and issuers see scanning a fingerprint or eyeprint as too much friction for basic activities. As such, some banks today allow customers to conduct low-risk actions such as balance checks without an authentication action if the customer is on a known device.
Banks can incorporate biometrics to increase security from the point of login, and can implement authentication requirements at points that entail more customer risk, such as transferring money or paying a bill.
To boost security, banks, issuers and other companies in financial services and payments often require users to verify their identity through a second factor. Second factor authentication is usually executed when a customer is sent a one-time code via SMS to their mobile device or through a phone call. Users will then type the code into a website to login. There are two problems with this method: Typing in a code adds more friction than necessary; and the National Institute of Standards and Technology (NIST), a de facto security barometer, stated last year that SMS is no longer an acceptable second factor method
Biometrics can be a replacement in these contexts to enable users to log into a website on their laptops following an authentication on their smartphone. This could be done in addition to the use of a password or another identifier for second factor authentication, or in replacement of a password for out-of-band authentication.
ATM usage can also benefit. Wells Fargo, JP Morgan Chase and Bank of America have each recently announced plans to roll out cardless ATMs. Consumers at an ATM can log in to their mobile banking app, enter the total withdrawal amount, scan a QR code from the ATM and receive money from the ATM.
Cardless ATM withdrawals will soon be more common than not, and will further boost security by eliminating issues with card skimmers. They also improve the user experience by eliminating the need for a debit card. This next evolution in banking will be far more secure when paired with biometrics.
Also, call centers are typically riddled with friction for consumers. In many instances, consumers have to remember a specific PIN designated for call center usage only. The difficulty in creating and remembering that PIN is only further compounded by the lack of frequency with which customers need to use them. On top of that, answers to security questions are just as difficult to recall, and can be easily hacked. Pets, maiden names, elementary schools and the like, are not difficult for malicious actors online to find.
If, however, a customer uses biometrics to authenticate into their mobile banking app and then calls the call center from within the app, the call center representative can skip additional authentication steps.