Related
VOICE RECOGNITION
In this biometric option, users authenticate themselves by speaking words or phrases and having the vocal patterns matched against those stored in a database.
"Voice biometrics can be a way to replace the knowledge-based questions that banks typically use to authenticate people in contact centers," says Shirley Inscoe, a senior analyst at Aite Group.
National Australia Bank fits this use case. In late November, the bank said it would use voice biometrics to allow customers to access bank accounts by using their voices. It's currently using the technology for call centers, but may eventually extend usage to ATMs. Speaking at a media event in Sydney at the end of November, a representative of the bank said the system saves about three minutes on the phone and reduces the fraud threat. Instead of asking for a password or security questions, the technology, which was developed by Telstra, authenticates users by listening to their voice.
And Wells Fargo uses voice authentication in its wire room to spot people who have committed fraud in the past by comparing incoming callers against a database.
IRIS SCANS
The argument for using eyeballs for authentication is their uniqueness and sustainability. The average iris has more than 2,000 unique attributes that don't change during a person's lifetime. It's also a form of biometric security technology that's been widely used for some time.
Government agencies such as the Department of Defense have used iris scans to identify staff at the Pentagon, and Bank of America has used iris scans to identify staff at its Charlotte headquarters. Many DMVs also use iris scans in their drivers' license centers. Inscoe says iris scans are among the most popular forms of biometrics that she hears about when speaking with banks, along with voice prints and facial recognition.
PALM PRINTS
In this method, the fingerprint is supplanted by the entire palm. One of the big advocates of palm print identification is Intel Labs, which is developing a new authentication model around it.
Intel uses palm print software and a biometric sensor embedded in the computing device to identify the user and the device. That in turn opens up access to social media sites as well as other account-based sites such as banks. The argument is the palm is a better mode of authentication because it's more reliable than fingerprints. And in the case of Intel Labs, the palm is read remotely at a short distance, rather than actually coming into contact with the reader.
In an earlier interview with BTN, Sridhar Iyengar, director of security research at Intel Labs, which will work with service providers over the coming years to incorporate sensors into their technology, said making laptops, smartphones and tablets responsible for identification removes the need for websites to perform authentication via password.
Another form of "hand related" biometrics is signature verification, in which a digital signature executed on a pad is measured and compared to a signature stored in a centralized database, using factors such as speed and pressure on the pen. Other, older versions of "hand biometrics" include users placing their hands on an actual reader, which measures the shape of the hand, such as width and length of fingers.
DEVICE FINGERPRINTING
Computing devices themselves can also be "fingerprinted," which aids in authentication.
ThreatMetrics, a device ID company, says there are several ways to "fingerprint" a computing device. Fingerprinting most commonly refers to the measurement of a browser, operating system and connection attributes to generate a risk profile of a device. There are a couple of ways to do this, including installing software on the device or using a remote profiling server. These programs can identify a device by tagging browsers; using HTML, JavaScript or other methods to profile based on screen resolution, browser type, time zone, language and media supported; deploying HTTP fingerprinting that extracts types of compression supported and language; profiling connection information to determine the operating system used to connect to the Internet; and the accumulating information on the type of connection services. In a separate interview in mid-December with BTN's Penny Crosman, Wells Fargo executive vice president Steve Ellis said the bank has built a version of device fingerprinting that uses an IP address and physical location to identify a user.
I think the best solution is a smart phone application that generates keys that are authenticated by a third party will be the solution for internet authentication. So I go to my banks web site, my smart phone provides the site with a key via blue tooth, and the bank asks a company like Verisign to validate my identity.