Overseas banks have been very proactive in using biometric products and services for everything from employee verification to consumer authentication. In Europe, for example, where ID fraud is taken as seriously as it is in the United States, most EU nations include a biometric fingerprint on their national drivers licenses. Not so in America.
Analysts say U.S. banks are taking longer than their overseas brethren to adopt biometric options, given their concerns about accuracy, affordability, security and convenience. And in the U.S., the issue of privacy dwarfs all other concerns. Its true the U.S. has been fairly slow to adapt, but there have been a number or reasons for it, says Richard Norton, evp of the National Biometric Project, a federally funded group in Washington, D.C.
Many U.S. banks are tied to their IT legacy systems, and remain reluctant to start over with what many still consider an untested technology. The U.S. has long relied on a very robust real-time structure, explains Lem Sanders, a consultant at International Biometric Group in New York. Foreign banks havent had that going for them. Overseas banks appear seemingly quicker to look at other issues. For U.S. banks, its hard to bypass an infrastructure that was expensive and hard to get working for you.
TowerGroup senior analyst Ed Kountz says biometrics has been especially popular in Third World haunts in Latin America and Eastern Europe, where existing bank safeguards are so far behind U.S. technology that they have a lot of catching up to do. They can just leapfrog over where they would have been, so its not as much of an investment, he says.
Other banks that have deployed biotechnology in some form include the Bank of Nova Scotia, which uses biometric authentication technology for Internet banking clients; Bancafe in Colombia, which uses it for consumer account identification; and Nationwide Bank in the U.K., which recently rolled out a biometric signature verification from Communications Intelligence Corp. to its 680 branches for customer authentication.
Perhaps one of the earliest adapters was the Brazilian Mercantile & Futures Exchange, which in December 2001 installed Identixs four-finger fingerprint biometric security for authentication of traders at its electronic trading system. The worlds eighth-largest futures and options exchange, BM&F moves US$17.5 billion daily. The exchange evaluated a number of vendors for six months before choosing Identix.
In late 2002, the Central Bank of Costa Rica deployed 400 Identix BioTouch fingerprint readers to secure access to its databases. We considered smart cards with passwords, but biometrics was much more secure, says Mario Alabi, payments technologist at the Costa Rica Central Bank. The information contained in our central databases is highly sensitive and requires top-of-the-line security to protect against unauthorized access.
Carlos Castro, head of bank security, says the system has been working quite well for the year it has been in place. There are three techniques to good security: Something you know, something you have and something that you are, he says. A password with a smart card and a fingerprint is the most robust product you can have today. But the most robust of those three is something you cannot forget or share: the fingerprint. A password is being added for another level of protection.
TowerGroup senior analyst Ed Kountz says what is happening in biometrics in the U.S. is similar to what happened with mobile technology. The cell phone revolution grew much faster in Europe, but not in the U.S., where we had an established infrastructure [of land lines] that basically works, he explains. So whats the value of changing the system? Is there enough fraud or risk of fraud to worry about?
Many argue there is now. One touchstone banks may need before adopting biometrics more widely is a greater societal acceptance of the technology. But Americans are more fearful of privacy loss than Europeans. Various members of the European Union have already instituted national ID cards with fingerprints attached: Belgium, Portugal and Germany. By late 2005, the British government expects to implement compulsory biometric ID cardsusing fingerprints, iris scans and facial recognition technologyto protect against illegal immigration, welfare fraud and terrorism.
The cards would be introduced after the government built a national database of biometric data on citizens. Britain has not had compulsory ID cards for citizens since just after World War II. Britain is already working on upgrading passports to include chips containing biometric data, and the U.K. Passport Service has just launched a six-month biometric pilot to test face, iris and fingerprint recognition technology.
Since ID authentication and banks go hand in hand, U.S. banks have long been enthusiastic about more reliable identity authentication, particularly U.S. drivers licenses, which are Americas defacto national ID cards. But the idea hasnt had much traction. Although 16 states collect some form of biometric data, such as fingerprints or facial-recognition parameters for in-house databases, only one stateKentuckyactually has biometrics on the license itself, according to Viisage Technology of Littleton, MA, an integrator with 16 contracts with state DMVs to produce licenses. Kentuckys license reduces a drivers face-recognition parametersvarious facial measurementsto a bar code that can only be read by a pre-programmed reader at the DMV. Banks may also choose to buy them. The thing that is ultimately driving this move toward biometrics is the fact that the DMVs want a better technology to ensure authentication of ID, says John Dorr, Viisages vp or marketing.
But Rebecca Dornbusch, deputy director at the International Biometric Industry Association, notes that the largest user of ID documentation is still the retail bank industry. In fact, the banking industry remains the most vulnerable to ID theft, which the Federal Trade Commission says cost consumers $5 billion in 2002.
So some banks have jumped on the bandwagon for biometric-based licenses. For practical and legal reasons, you rely upon the drivers license or a state-issued ID for identification at a bank, says Don Childears, president and CEO of the Colorado Bankers Association, who notes that Colorado loses $75 million a year to commercial bank fraud. We see so much fraud that we have to find better ways of making sure the individual in front of them is who they claim to be.
The state had been at the forefront of the push for use of biometrics on licenses. In late 2002, the Colorado Department of Revenues Motor Vehicle Business Group enhanced its Digitmarc ID Systems drivers license issuance program with facial recognition technology.
The American Bankers Association has taken no position on biometric-based licenses, says spokesman John Hall. Neither has the American Association of Motor Vehicle Administrators in Arlington, VA, which develops licensing standards for state motor vehicle agencies, though it has long been pushing for national license uniformity.
Biometrics remains a hyper-controversial topic, however, and one that returns repeatedly to the forefront. In 2003, 14 states had bills related to biometrics and drivers licenses. Many of these bills died, however, thanks to the efforts of the ACLU, which says any database of citizens fingerprints is a privacy violation. Theres no question there are strong bureaucratic rationales for tracking individuals and creating databases and so forth, but all too often those looking to do these things look at one side of the issue: what we have to gain bureaucratically, rather than what we have to lose, says Jay Stanley, a spokesman for the Technology and Liberty Program of the national ACLU. We have a long tradition of privacy and being left alone by the government in this country.
The ACLU also has protested use of a national ID card, even though proponents argue it would better protect individuals privacy by moving them away from using social security numbers for identification. But the pendulum of public opinion has been decidedly moving toward national security and away from individuals privacy concerns, especially since the September 11 terrorist attacks.
A recent poll of Americans commissioned by the AAMVA found that 87 percent favor using biometrics to prevent tampering and counterfeiting. And it would be difficult to turn the clock back: Already on file at DMVs across the nation are between 250 million and 300 million facial images and between 50 million and 100 million fingerprints taken by law enforcement and government officials for a wide variety of entitlement programs.
Can Big Brother be far behind?
