Financial biometrics are spreading like wildfire across the FinTech industry. With all the big financial service providers and most major banks embracing strong authentication for both payments and banking operations, there have never been so many ways to authorize the movement of money. Like the other vertical markets that intersect with biometrics, the range of modalities that can be used in the financial sector are as varied as the situations in which they can occur.
November is Financial Biometrics Month at FindBiometrics. This week we are going to look at four different biometric modalities in finance and how they are employed to make commerce more convenient and secure.
The most popular biometric modality in finance, at least in terms of public visibility, is fingerprint recognition, thanks to the Apple Pay, Samsung Pay and Android Pay mobile wallets that leverage embedded smartphone sensors to authorize POS retail payments. All three smartphone based mobile wallets can boast wide acceptance given their relatively nascent status, with Apple Pay accepted by a rising number of banks and retailers, and its competitors showing off impressive adoption numbers.
Fingerprints offer a great deal of convenience in mobile payments, since a scan of the finger and a tap of the phone beats cumbersome PINs and signatures. An interesting hitch has formed in the Apple Pay model, however. Banks in the UK have recently come out warning users of Apple’s mCommerce service to ensure they aren’t enrolling and storing other people’s fingerprints on their devices. This conflicts with the logical access control Touch ID feature, which allows for trusted users other than the owner be enrolled, in the case of a family phone for instance.
Of course, fingerprint biometrics aren’t simply for mobile commerce. For a long time now, fingerprint sensors have been authenticating ATM transactions around the world. The goto example for this is the multi-spectral biometric technology used in Latin America on bank machines, courtesy of Lumidigm (which was acquired by HID Global in 2014). The special nature of multi-spectral imaging makes the Lumidigm sensors ideal for these public deployments, as they can scan dirty, damaged or wet prints.
Just over a year ago, at Money20/20 2014, a representative from the Royal Bank of Canada called the Nymi Band—a biometric wearable that authenticates users via heart signature—the future of payment. Nymi’s technology, which has many applications outside of finance too, has long been championed by banks and MasterCard in particular. The idea of making secure payments with the tap of the wrist is a compelling one.
The Nymi Band offers persistent authentication. When a user puts the device on her wrist, she completes a circuit that in turn allows for her heartrate to be measured and matched to the cardiac signature stored on the device. The user remains authenticated for the duration of her wearing it, so payment ostensibly doesn’t need anything beyond the tap of the band to an NFC enabled terminal.
Earlier this year Nymi made headlines with the official first wearable payment authenticated by a heartbeat. Through a pilot program underway in Canada, the Nymi Band was used to process a TD MasterCard payment on a Tap & Go contactless payment terminal that operates using NFC technology.
Mutli-Factor Face and Voice
While face and voice recognition each have their own separate applications in finance, the two modalities can combine to create something quite powerful in terms of flexibility and security. When I spoke to Todd Mozer, CEO of Sensory, about the newly launched TrulySecure 2.0 he explained it this way:
“In general, the better security you want, the more inconvenient it gets. So we [at Sensory] think face alone is a great means for maximum convenience and then we have the TrulySecure mode which combines the face and the voice and they just need to say a passphrase while looking at the phone.”
Sensory, according to Mozer, has trial programs with a lot of banks and is “making very steady progress in the banking and FinTech community.” And it makes sense: multi-factor face and voice authentication is ideal for mobile banking.
Take, for example, Daon’s IdentityX solution being used by USAA. We’ve covered this deployment extensively on FindBiometrics, which has seen a million users sign up for biometric sign-in. While fingerprint is also an option for USAA, the initial offering was just face and voice, something that is appealing to many users who may not yet have fingerprint sensors on their phones.
Vascular biometrics are extremely secure, and as such are ideal for high risk financial transaction authentication. Scanning the vein patterns under your skin to prove that you are who you say you are is beneficial because your circulatory system is hidden under your skin and therefore extremely difficult to duplicate for spoofing purposes. As such, you will see vein recognition most often in banking deployments like the one at Barclays in the UK.
Barlcays has adopted biometric technology for various services, but it has particularly chosen finger vein recognition to protect the online transactions of its corporate clients.
Because of the specialized hardware required for vein pattern recognition there are very few instances of it on consumer mobile devices (one of the notable exceptions being EyeVerify’s Eyeprint ID). That said, very recently we have learned that Visa is looking to the circulatory system modality as a way to replace physical credit cards for users. Currently in development, the FingoPay system is set to be trialed at a London restaurant owned by Worldpay.
Stay posted to FindBiometrics throughout November as we continue to bring you a featured examination of biometrics in finance. Follow us on Twitter and tweet using the hashtag #FBFinTech during Financial Biometrics Month to be a part of the conversation.
November 19, 2015 – by Peter B. Counter