Biometric ID Needs Careful Customer Sell

Now that biometrics has gained a toehold at banks, the industry is facing some difficult decisions about how to introduce it to customers.

Banks have been using the futuristic technologies in back-office settings for some time - to validate employees logging in to desktop computers or seeking access to a server room. But the customer perception (when there is one at all) is that biometric devices are new. It is going to take a lot of patient smiles and marketing savvy to bring biometric ID to the retail setting, and banks that want to do it should be thinking ahead.

One thing that seems clear is that biometric identification will have to be voluntary for customers, at least until the practice is well accepted. Someone who has just had eye surgery, for example, is probably going to balk if a bank asks to take an iris image as a condition of granting account access. Anyone who has ever been arrested will likely feel skittish about giving a finger image in order to use an automated teller machine.

Accuracy is also an issue. A small percentage of people have physical characteristics that defy machine attempts to register them.

Experts on biometrics say imaging devices are harmless from a health standpoint; using some of them is like having your picture taken. Moreover, banks and other institutions that use biometrics say people's vital signs are stored in a way that cannot be tapped by outsiders.

But these assurances are unlikely to assuage all concerns. Most people, when introduced to the concept, express enthusiasm for not needing a PIN or bank card to get cash from an ATM. But there will likely always be some who resist biometrics - as surely as the American Civil Liberties Union will continue to fight biometric initiatives on privacy grounds.

Practically speaking, biometrics have a lot in common with smart cards. Both technologies have been around for a while, and both come with a devoted cadre of experts who are waiting for the day that mainstream bankers finally see the light. Both have been edging their way toward broader acceptance as technology costs have come down and the Internet has begged stronger identification and validation devices.

Cost, logistical complications, and a shortage of standards have hampered the adoption of biometrics and smart cards. In the case of biometrics, the size of the devices has been a hindrance, but some scanners that once were the size of a computer keyboard are now smaller than a mouse. The price of some of these peripheral devices has dipped to $100 or less. Standards may continue to be a problem for the foreseeable future. As banks experiment with different types of biometrics, the facial scanner that one bank uses at its ATMs is not going to recognize customers from another bank that is dabbling in fingerprints.

Last year, Bank United Corp. of Houston installed what it said were the first iris-scanning ATMs for public use, in three branches in Kroger Co. grocery stores in Texas. People who sign up for new accounts at these branches are asked if they would like to enroll, which involves sitting in front of a camera for a minute or two while a video is taken of the eye. (Other customers can sign up too.)

The video is converted to a bar code based on the iris' characteristics, and the bar code is loaded into a database. After that, the customer can touch the screen of one of the special ATMs, and a camera will rephotograph the eye. It takes 10 to 20 seconds to make a positive match and about 30 to 40 seconds to reject the person.

Bank United said that what it calls EyeTMs work even when people are wearing glasses, sunglasses, or contact lenses, regardless of whether they were wearing those things when they enrolled.

"Internally, when we were thinking about rolling it out, we dreamed up worst-case scenarios of customer reception, and none of those bore out in the marketplace," said Vern Stockton, a spokesman for Bank United. "Overwhelmingly, the customers accepted it and were in fact attracted to it. We had a lot of new customers who changed from other banks and opened new accounts with us just so they could use that technology."

With more than 90% of customers in those branches signing up for biometrics, Bank United may expand the program. Each ATM costs only $5,000 gear up, and prices are coming down, Mr. Stockton said. Throughout the program's introduction, the bank has consciously avoided the type of loaded words that could inspire fear.

"We stay away from the terminology 'scan' because it's really just a video," Mr. Stockton said. "People think of a supermarket scanner or something. This is just the same video that is taken to record all ATM transactions."

One man who has heard all the misperceptions is Samir Nanavati, a partner at International Biometric Group, a consulting company in New York. "When you ask people the first time, all the science fiction references start coming out," he said. "I forbid you to use James Bond in this story."

Mr. Nanavati, whose firm produces extensive research on the biometric industry, said there are "two general perceptions out there - one is what bank board members think, and the other is reality." In reality, he said, when people see the biometric devices and learn how they work, their privacy concerns are satisfied and they are gleeful at the prospect of ditching their PIN. "If a bank tells them that this is a technology they've tested that's safe and secure and that their privacy is being protected, that mitigates 99.9% of their concerns," he said.

Again, customer acceptance hinges on the way a program is presented. In the case of finger imaging, banks are advised not to use the word "fingerprint" because of the law enforcement connotations, and to explain to customers that the device is taking measurements of their finger characteristics, not taking their fingerprint. "If you compare it at the point of sale to signing a credit card, both finger and face verification are preferred" by customers, Mr. Nanavati said.

Advocates of biometrics say the potential for reducing fraud is worth the investments in equipment and public relations. Biometrics are being used to identify welfare benefit recipients in eight states, with some favorable results. In Connecticut, installing a finger image system has stifled the perception that benefit recipients are double-dipping, said David Mintie, director of the Department of Social Services digital imaging project.

"It's kind of like a burglar alarm," he said. "How do you know how many burglars you've actually deterred?"

Unlike Bank United's pilot, the programs in Connecticut and other states are mandatory. Social service clients must consent, or forgo their benefits. When Connecticut's initiative began four years ago, "We spent a lot of time talking to legal services organizations who said, 'Over our dead bodies, you're invading our clients' privacy,' " Mr. Mintie said. "When we talked to our clients about it, quite the opposite was true. Most were kind of fascinated by the technology."

Bank executives and industry officials often seek Mr. Mintie's advice, and he tells them that identity theft and fraud are the best arguments for biometric systems. "I'm not an advocate of big-brother stuff," he said. "The ultimate way the public will accept biometrics in the banking industry is based on ownership of their biometrics, where there is no centralized storage of the faces, fingerprints, iris scans."

He added, "That's probably where smart cards come in. The profile can be stored on the card, and the individual saves ownership of it."