Vendors promoting home biometric security tools to banks say that consumer confidence in the concept has improved, and that in some cases the cost is becoming more manageable.
Last week Solidus Networks Inc., whose Pay by Touch system is already being used by merchants, introduced a version that people can use to authenticate themselves when they visit online banking sites through their home computer.
Jon Siegal, an executive vice president with the San Francisco company, said that about 10 banks have expressed interest in using the home version, TrueMe, for retail and commercial customers.
Consumers need to have a fingerprint scanner to use the system. It also works with the scanners that Lenovo Group Ltd. builds into some of its ThinkPad laptop computers. Add-on scanners can cost about $30, and most likely the bank would foot the bill, he said, but TrueMe is priced competitively with other hardware-based authentication systems.
In addition to using fingerprints for authentication, TrueMe scans the unique identifying chip inside the scanner, and only fingerprints associated with that chip are allowed access to the site. Once the system is set up, Mr. Siegal said, the bank could allow the consumer to use the system without a password.
Banks pay only an annual per-user fee and do not have to buy a server to offer the system to the customers, he said, since Solidus authenticates each transaction directly.
“You shouldn’t have to trade off convenience for security,” he said. “Biometrics can help solve this problem.”
Avivah Litan, a vice president and research director at Gartner Inc. of Stamford, Conn., said recent surveys “done by any company, including Gartner, shows that consumers really like biometrics.”
A survey Gartner conducted in August of 5,000 U.S. online adults found that biometrics was the most popular strong authentication method, she said. When asked which method they would prefer if they had to choose something besides a password, 30.7% of respondents selected biometrics, while 18.1% chose a keyfob that plugs into a computer’s USB port and 18% chose a smart card and reader.
Michael McCormick, the lead architect for information security with Wells Fargo & Co. of San Francisco, said last week at a New York security conference hosted by the Financial Services Roundtable that North American banking companies are “leading the charge” in implementing biometric security.
Consumers have said in the past that they dislike the idea of financial companies’ holding a database of fingerprint information. However, Mr. McCormick said that these ideas are changing. “It has a lot to do with 9/11. It changed a lot of peoples’ attitudes, not just toward biometrics but security in general.”
Nowadays “consumers love” biometric security, and that approval is part of the reason Pay by Touch is becoming so popular, he said.
He would not discuss Wells Fargo’s biometrics plans.
Bio-Key International Inc. of Wall, N.J., offers an in-home system similar to TrueMe. Jim Sullivan, the director of sales for Bio-Key, said at the conference that the increased prevalence of fingerprint readers in computers like Lenovo’s makes a more attractive business case for biometrics. “That’s a big breakthrough.”
The increased prevalence of readers in computers is being spurred by concerns over data security; the computers are marketed to people and companies that want to control access the information on those computers, he said.
Samir Nanavati, a partner with the International Biometric Group LLC of New York, said at the conference that the current crop of biometric scanners offer better security than earlier ones.
Though some scanners can be tricked, for example, with a plastic hand, many scanners look for electrical conductivity, temperature, pulse, and veins within a finger to make sure it is real.
Improved quality does not drive up costs, he said. “I haven’t found that, in the past decade of testing, cost and spoofability are directly related at all.”
Ms. Litan said that in-home biometrics are more popular among people whose employers have issued them computers with built-in fingerprint scanners.
It will take at least three to five years for the systems to become common enough for banks to use them for online banking, but many banks have said they would be eager to use the technology when the time is right, she said.
“Most banks I talk to now say two-factor [authentication] is going to go from something you know and something you have,” like a password and a security token, “to something you know and something you are,” like a password and a biometric identifier, Ms. Litan said.
