Biometrics once seemed worlds away from mainstream use. But as this category of security technology gains momentum, has its time as a bank account authentication tool finally come?
In some ways it already has. ATMs featuring fingerprint readers have been used in South Africa since 1996. Brazil today boasts more than 55,000 ATMs that use biometric technology. And in the U.S., banks have been using biometrics since the mid-2000s to facilitate secure self-service access to safe deposit boxes.
The idea of using physiological markers is on the verge of widespread acceptance. But the technology first must overcome some notable barriers.
Social Acceptance: U.S. consumers especially are worried about privacy and the potential misuse of their captured biometric data. They're most concerned with where and how the data is held. After all, once the data is stolen, nothing can be done to alter the source. Passwords can be changed; fingerprints, irises and handprints can't.
A potential way to mitigate this concern is for the consumer to retain a digitized version of his or her physical attributes, on a smartphone for instance, rather than having that data stored by a financial institution. An institution's encryption system would then translate and match that data, as well as the consumer's actual physical attributes, to authenticate the user.
Standardization, performance and security: For biometrics to be applied more broadly, the industry must select a standard form of authentication to enable interoperability between systems. Naturally, a uniform approach will require the development of regulatory or industry standards.
The speed of access and authentication also is critical. Consumers will have little patience for time-consuming authentications. In addition, banks will need to address the security of all points of their systems — from end to end — to ensure they've eliminated opportunities for data interception.
Infrastructure: For biometrics to be applied extensively, FIs will need to assemble accessible databases of biometric information. And they'll need to ensure those databases are highly protected from external and internal threats.
Cost: The added security biometrics offer may justify the investment, but currently, the cost of deploying it, educating consumers and building a biometrics database remains high.
Accessibility: To ensure that all consumers are able to take advantage of secure biometrics technology, accessibility challenges must be addressed.
None of the above barriers are insurmountable. In Brazil, for example, consumers have accepted — even demanded — biometric authentication at the ATM; suppliers have addressed performance and security aspects; and banks have developed the infrastructure to support biometric data management.
For other markets to follow suit, they'll need to reach similar levels of acceptance and infrastructure investment. And some of the groundwork for that already has been laid. Use of biometrics in mainstream consumer devices is intensifying consumer interest and trust in the technology.
A future in which consumers are routinely able to swipe, scan or touch a device to securely access private financial information may not be that far off.
Frank A. Natoli Jr. is EVP and chief innovation officer for Diebold in North Canton, Ohio.
