Biometrics once seemed worlds away from mainstream use. But as this category of security technology gains momentum, with advancements like the thumbprint scanner on Apple's iPhone 5s, has its time as a bank account authentication tool finally come?
In some ways it already has. Automated teller machines featuring fingerprint readers have been used in South Africa since 1996. Brazil today boasts more than 55,000 ATMs that integrate biometrics technology into the authentication process. And in the United States, banks have been using biometrics since the mid-2000s to facilitate secure self-service access to safe deposit boxes for consumers.
The idea of using physiological markers is on the verge of widespread acceptance. But the technology first must overcome some notable barriers.
Social Acceptance: U.S. consumers especially are worried about privacy and the potential misuse of their captured biometric data. They're most concerned with where and how the data is held. After all, once the data is stolen, nothing can be done to alter the source. Passwords can be changed; fingerprints, irises and handprints can't.
A potential way to mitigate this concern is for the consumer to retain a digitized version of his or her physical attributes, on a smartphone for instance, rather than having that data stored by a bank. A bank's encryption system would then translate and match that data, as well as the consumer's actual physical attributes, to authenticate the user.
Standardization, performance and security: For biometrics to be applied more broadly, the industry must select a standard form of authentication, such as palm vein technology. Doing so will enable interoperability between systems, which will be critical to acceptance. Naturally, a uniform approach will require the development of regulatory or industry technology standards and compliance guidelines.
The speed of access and authentication also is critical to the success of biometrics implementations. Consumers will have little patience for time-consuming authentications, despite the added security that biometrics technology offers. In addition, banks will need to address the security of all points of their systems — from end to end — to ensure they've eliminated opportunities for data interception.
Infrastructure: For biometrics to be applied extensively, financial institutions will need to assemble accessible databases of biometric information. And they'll need to ensure those databases are highly protected from external and internal threats.
Cost: The added security that biometrics offer may justify the investment. But there's no getting around it — currently, the cost of deploying the technology, educating consumers and building a biometrics database remains high.
Accessibility: To ensure that all consumers are able to take advantage of secure biometrics technology, accessibility challenges must be addressed.
None of the above barriers are insurmountable. In Brazil, for example, consumers have accepted — even demanded — biometric authentication at the ATM; suppliers have addressed performance and security aspects; and banks have developed the infrastructure to support biometric data management. These concentrated efforts have made self-service biometrics a rapidly growing authentication solution across the country.
For other markets to follow suit, they'll need to reach similar levels of acceptance and infrastructure investment. And some of the groundwork for that already has been laid. Use of biometrics in mainstream consumer devices is intensifying consumer interest and trust in the technology, and we've seen some banks begin to respond with biometric solutions designed to enhance security, convenience and efficiency.
A future in which consumers are routinely able to swipe, scan or touch a device to securely access private financial information may not be that far off.