National Australia Bank fits this use case. In late November, the bank said it would use voice biometrics to allow customers to access bank accounts by using their voices. It's currently using the technology for call centers, but may eventually extend usage to ATMs. Speaking at a media event in Sydney at the end of November, a representative of the bank said the system saves about three minutes on the phone and reduces the fraud threat. Instead of asking for a password or security questions, the technology, which was developed by Telstra, authenticates users by listening to their voice.
And Wells Fargo uses voice authentication in its wire room to spot people who have committed fraud in the past by comparing incoming callers against a database.
The argument for using eyeballs for authentication is their uniqueness and sustainability. The average iris has more than 2,000 unique attributes that don't change during a person's lifetime. It's also a form of biometric security technology that's been widely used for some time.
Government agencies such as the Department of Defense have used iris scans to identify staff at the Pentagon, and Bank of America has used iris scans to identify staff at its Charlotte headquarters. Many DMVs also use iris scans in their drivers' license centers. Inscoe says iris scans are among the most popular forms of biometrics that she hears about when speaking with banks, along with voice prints and facial recognition.
In this method, the fingerprint is supplanted by the entire palm. One of the big advocates of palm print identification is Intel Labs, which is developing a new authentication model around it.
Intel uses palm print software and a biometric sensor embedded in the computing device to identify the user and the device. That in turn opens up access to social media sites as well as other account-based sites such as banks. The argument is the palm is a better mode of authentication because it's more reliable than fingerprints. And in the case of Intel Labs, the palm is read remotely at a short distance, rather than actually coming into contact with the reader.
In an earlier interview with BTN, Sridhar Iyengar, director of security research at Intel Labs, which will work with service providers over the coming years to incorporate sensors into their technology, said making laptops, smartphones and tablets responsible for identification removes the need for websites to perform authentication via password.
Another form of "hand related" biometrics is signature verification, in which a digital signature executed on a pad is measured and compared to a signature stored in a centralized database, using factors such as speed and pressure on the pen. Other, older versions of "hand biometrics" include users placing their hands on an actual reader, which measures the shape of the hand, such as width and length of fingers.
Computing devices themselves can also be "fingerprinted," which aids in authentication.
Most of our interview subjects mentioned the mobile device as the key to biometric adoption and other forms of advanced authentication, as people use biometrics tied to mobile devices to access services - or use the devices to authenticate themselves in another channel. "It's something we're starting to call bring your own ID," says Michael Versace, a research director at IDC Financial Insights. "The bank is going to start to identify people not by their user ID and password, but by your behavior."
In the case of "bring your own ID," the prevailing "something you have/something you know" ID paradigm grows to include "something you are." The three will eventually combine to enable risk-based authentication.
The same mobile technology that's being used for marketing - such as geolocation and transaction history - can also inform risk-based authentication. "We know where a person usually logs in from and what he does - such as check balances, move money or make a bill payment. That behavior defines your ID. What if there's a log in or activity that's different? Your ID is used to create policies directly related to your behavior," Versace says.