Bridge Community Bank has embarked on an initiative it hopes will produce new, flexible alternatives to usernames, passwords and other traditional identifiers, which are increasingly considered dated as consumers take on broader and more mobile relationships.
The Mount Vernon, Ia.-based Bridge is deploying identity technology from Tascet that combines biometrics and consumer information to produce a personal digital identity that's distinct from passwords, PINS or Social Security numbers. The bank hopes this identity will be usable for transactions involving other banks, and can be used to provide security for branch, web and mobile banking, as well as help with anti-money laundering compliance.
"We see it as the beginning of a change in mindset as to how we authenticate a transaction," says Bob Steen, CEO of the bank, which has three locations and about $70 million in assets. "We're a small bank, but we offer mobile payments and a mobile banking solution and we want to minimize the risk of a customer's ID being stolen."
The personal digital identity can be accessed via readers at bank branches, or by embedded biometric readers on tablets, smartphones and laptops. That technology is not widely available yet on most current mobile devices or laptops, though it is expected in the next couple of years.
Steen characterizes the bank's project as forward looking and a test of new identification methods. But he says changes to identity strategy are necessary, because passwords and PINs are cumbersome to use, and can also be used by crooks to access bank accounts because the institution's systems don't necessarily know the password has been stolen.
"We all know that people have multiple passwords and we have seen studies that say people are annoyed with passwords. We found that with mobile banking, we have a text banking option that is more limited in what types of information is available, but people use it more because they don't need a password to grab information," Steen says.
The new identity system works this way: A customer enters a branch and asks to active a financial ICONN (Identity Confirmation Number). The customer provides a name, address, date of birth, country of birth and gender along with what TASCET refers to as a "fingerproof" and "faceproof," or fingerprint and photo (the company uses these terms to distinguish from law enforcement vernacular). That information is sent to TASCET where the company matches it against a database that includes information from across the financial industry and other industries such as healthcare, travel and academia.
If Tascet's analysis deems the consumer to be unique, it activates the consumer's ICONN. Once the ICONN is activated, the technology company returns a 16-digit financial security number to Bridge Community Bank that is incorporated into the consumer's account. The next time the consumer enters any bank location, he or she can scan a finger to verify identity and trigger the security number to execute an action with the bank. The bank's policy dictates what transactions or actions are risky enough to warrant a scan.
To protect transactions between Tascet enterprise clients, consumers grant the "other bank's" permission to use their financial ICONN by going through the same identification process. If the consumer is deemed unique, the "second bank" would receive the same financial security number for their records. Tascet's identity infrastructure would then refresh finger and face images to account for aging and other changes.
Bridge Bank's project is one of a number of ways banks are using biometrics to migrate away from passwords. In a recent BTN article on password alternatives, the wide array of biometric alternatives was bemoaned by financial services executives such as Michael Barrett, chief information security officer for PayPal, who contended the large number of providers creates interoperability problems.