Last week we reported on new research from Goode Intelligence on the state of mobile biometrics in FinTech. Regular readers of Mobile ID World will no doubt be aware that the intersection of said technologies is a hot space right now, but Goode’s numbers are very exciting: among the firm’s key findings is a forecast that, by 2020, more than 1.1 billion financial services customers will be using mobile biometrics technologies.
FindBiometrics president Peter O’Neill had the opportunity to speak with Alan Goode, managing director of Goode Intelligence, about these findings and how mobile bimetrics is affecting the world of FinTech, as well as the concept of “Mobile Biometrics 2.0.”
Peter O’Neill, President, FindBiometrics (FB): Can you please give our readers a brief background on your company?
Alan Goode, Managing Director, Goode Intelligence (GI): I started Goode Intelligence back in 2007 after about 20 years of being in a variety of roles—all of them in technology—and in the last 15 years of that career, working in information security with a lot of emphasis on authentication and identity. I’ve held senior roles at Key Mobile in a security capacity; I was the director of digital security at De La Rue Identity Systems, looking at digitizing passports and integrating biometrics into that, around 15 years ago now. The reason for the change was due to my interest in the analyst market, the intelligence market, and I decided to take my experience and set up a business that looked at the very niche emerging area of mobile phone based security, and looking at how identity or authentication solutions were being migrated across to the mobile. We published a report back in 2009 looking at the mobile as an authentication device, and since then have spent a lot of time looking at the emergence of mobile based authentication and the emergence of mobile based biometric authentication as well.
FB: Your latest report “Mobile Biometrics for Financial Services 2015-2020” has just been released. Can you please describe the scope of this report for our readers?
GI: This is the third in a series of reports that we have published in the last six months looking at the adoption of biometrics across a wide range of financial services, which included banking and payments. This one specifically looks at the use of mobile, and the use of mobile based biometrics, for a wide range of financial services. It doesn’t just look at the use of biometrics on mobile phones for things like mobile based payments, contactless payments, but looks at the use of the mobile as a prime authenticator for authenticating bank consumer financial services consumers across a wide range of financial services channels. That includes payments, and not just payments at the physical point of sale like an Apple Pay, but also what we are seeing is the mobile being used for more traditional channels like authenticating users at the ATM for cash withdrawal.
There is a big problem at ATMs, in that there is a lot of fraud. There are a lot of skimming devices that are being inserted into ATM machines, and some of the card based solutions that we are seeing at the moment are being compromised. So the phone is being seen as a way of providing out-of-band authentication. As biometrics are becoming a very used or important kind of authentication technology for the mobile, then it is natural to be used for a wide range of those particular services.
So it covers a wide range of services including payments, including banking. We are looking at the adoption of biometrics for mobile banking applications for authentication, but also transaction verification as well. There is the potential; I know that EMVCo. are looking at biometrics as a way of improving the user experience for that user verification in e-commerce payments.
FB: You mentioned in your press release that FinTech players are trying to dominate the banking and payment experience through ownership of a customer’s identity. Can you elaborate on this for us?
GI: I think that there is a trend of adoption of biometrics in financial services coming from not the banks or the financial companies themselves but the technology companies. Apple, by leveraging the Touch ID fingerprint ecosystem, is using it for payments, for authentication, for mobile wallets, and authentication for contactless payments at the physical point of sale. So again the banks are having to adopt that technology because it is out there and users are finding it convenient. There is that disruption there. But also there are challenger banks. There a couple of challenger banks here in the UK; one of the Madison banks is going to be bringing out a mobile-only kind of banking solution using biometrics—using facial and voice biometrics as the prime authentication. So there is a risk for incumbent banks and financial services because they have lagged behind—because they still rely on perhaps soft tokens in the phones, or hard tokens delivered to the customer, they haven’t been quick enough or agile enough to bring agile or convenient biometric mobile authentication to consumers.
So yes, there is that first-to-market with the likes of Apple, and the likes of the challenger banks, bringing out that convenient authentication.
FB: You describe a trend that you are seeing in the industry as ‘Mobile Biometrics 2.0.’ Can you describe this please?
GI: In a way, it is the financial services companies. What they are doing is: they are initially leveraging the device-based biometric authentication solutions from handset manufacturers like Apple, Samsung, and Google. They are using it because they have to be seen as providing convenient authentication. So they are using it for now, but what we are finding is that the financial service companies can’t trust it. They are not trusting the device-based authentication solutions to provide a full range of financial services, so they adjust the services that are delivered to the customers on the mobile channel.
What we are seeing in what we define as Mobile Biometrics 2.0 is something that can fit in with the bank retaining ownership of identity: retaining ownership of the customer but also meeting the needs of the security people, the risk people, to ensure that it is a robust and scalable security and authentication solution that is being delivered to the end users. So what we are seeing is things like the FIDO Alliance, the IEEE BOPS (Biometric Open Protocol Standard), kind of standards and frameworks like that, which support scalable authentication solutions, are being adopted or at least are being put into pilot mode or proof of concept for the banks to get used to, and to roll out these biometrics solutions. That is what we consider to be Mobile Biometrics 2.0.
It fits in with the service providers’ risk and security model and also retains ownership of identity from those organizations. It may be device centric authentication solutions like you see with FIDO, or it could be a hybrid approach that you are seeing with BOPS—where there is a template that is shared between the device and a cloud service—or it could be a server based authentication solution where the biometric templates are stored in secure servers. So it is a number of deployment models, but each one of them is where the financial service provider or the payment service provider retains ownership of identity, and fits into that security model and architecture that regulation is enforcing, and also from a risk perspective as well.
FB: Well with you prediction of over 1.1 billion users of mobile biometrics for financial services by 2020 it certainly and exciting time for our industry and thank you for taking the time today to share some of the thoughts about your most recent report.
GI: It is a pleasure, thanks Peter.
(Originally posted on Mobile ID World)