Logging into mobile banking with a thumbprint has become mainstream, but are customers ready to be authenticated via a palm reader at the branch or have their irises scanned to get cash from an ATM?
In digital channels, biometrics are all the rage. Touch ID has become ubiquitous for many mobile apps. Banks like USAA are letting their customers verify their identity on mobile through scans of their thumbs, voices and faces. Wells Fargo has been working with EyeVerify to create iris scans for its commercial customers. But banks increasingly are looking at how they might use biometrics to make their interactions customers in branches and at the ATM easier, too.
“In the next few years, biometrics will become mainstream for authentication and fraud detection in terms of servicing our customers,” said Ryan Crowley, the head of branch innovation for JPMorgan Chase.
The key is figuring out which biometrics customers are most comfortable with, he said. While current technology capabilities enable a wide range of biometrics, customer feedback is crucial in determining which are the right ones to roll out on a large-scale basis, Crowley said, and creating a common customer authentication method, whether that is voice, facial recognition, or something else. In other words, companies have to strike a balance between cutting-edge biometrics technology and their customer’s perception of those methods.
JPMorgan is experimenting with new biometrics technologies at an innovation lab in Columbus, Ohio, where customers are invited in to test them and offer feedback, Crowley said.
“We conduct extensive user research and testing on all of our new products and innovations before we put them into the market,” he said. “This allows us to get real-time feedback, understand customer behaviors and design the best experience with the right safeguards.”
For now, the bank isn’t using any experimental biometrics technologies in it branches, but if and when it does, the customer feedback from these exercises will likely prove valuable, he added.
GESA Credit Union in Richland, Wash., meanwhile, is pleased with how its members have taken to palm-vein authentication technology it rolled out last year in three of its branches.
Members register for the service. When they visit a branch from then on, they place their hands over a palm scanner on a tablet. The scan is matched against their preregistered palm-vein patterns and they are authenticated. Once the match is confirmed, the member’s profile is automatically displayed on the teller’s screen.
The solution eliminates the need for the member to present a photo ID or enter an account number, and enables staff to serve members quickly, personally and more intelligently, said Karl Guynn, director of products at the credit union. Thus far, the technology has reduced the time it takes to authenticate a member at the teller line by 93%, from 15 seconds down to less than a second.
“The response has been fantastic,” said Guynn, who added that by the end of the month GESA expects to install the technology in the final few branches where it isn’t already in place. “The security is so much higher than the previous way, and so is the convenience.”
GESA plans to roll out the technology for authentication at its ATMs in the future, Guynn said.
The technology was developed by Fiserv and it is integrated with the Fiserv core platform that the credit union uses. The technology was specifically developed for GESA; the palm-scanning project began when the credit union entered a beta program for the technology in November 2014, which ran through October 2015 before being more broadly rolled out. Guynn said the credit union often looks at new technology to make customer interactions more efficient.
The popularity of the product at GESA has led Fiserv to offer the technology to all its bank and credit union members, said Chris Van Der Stad, chief technology officer for Fiserv’s open solutions division.
“We’re seeing a lot of excitement around the efficiency of this process of authentication, and not having to do things like show a driver’s license,” he said.
While there is still a “creepiness factor” with some forms of biometrics, Guynn says it is not significant.
“Everyone is so used to biometrics now,” he said, referring to Touch ID technology on mobile devices. “People encounter biometrics almost everywhere they go.”
The key to success is giving customer choice when it comes to authentication, Guynn said.
“We don’t require people to use it and we never will,” he said. “We think of it like the TSA Pre-Check option; some might consider that more invasive but you stand on a shorter line. And we’re seeing use in many different demographics. For example, older people with arthritis love it; they don’t have to dig and fumble through their purse or wallet for an ID.”
(Guynn was referring to the Transportation Security Administration's PreCheck program, where travelers pay a fee and undergo extra vetting in exchange for access to a faster security process at airports.)
Further, the popularity of in-branch biometrics authentication such as facial scanning in other parts of the world bodes well for its future in the U.S., said Devon Watson, vice president of strategy and operations at Diebold Nixdorf.
“It’s quite prevalent for customers in LatAm, for example,” he said. “It’s quite convenient.”
It’s a topic Diebold is actively thinking about; last year it partnered with Citi to experiment with how iris-scanning ATMs in branches might work. Though nothing concrete has yet come of that project beyond the initial pilot, Watson said the fact it happened shows banks are bullish on biometrics.
“The challenge is to carefully toe that line between creepy and convenient,” he said. “It depends from market to market.”
But Watson said the U.S. likely will adopt further biometrics technology when it comes.
“Three years ago Americans probably would say they didn’t want their finger scanned to authenticate; now it’s commonplace,” he said. “They know that when you use [technology like Touch ID] your fingerprint gets turned into a code, the bank only sees that code and no one is stealing your fingerprint.”
Guynn agreed with Crowley that for the technology to be most effective, financial institutions need to do research and seek customer feedback.
“It’s not one-size-fits-all,” Guynn said. “What works at a location in a city might not work in a rural area.”
Beyond the psychological hurdles some customers may have when it comes to things like face or palm scanning, a potentially bigger deterrent to mass adoption of biometrics is determining who stores the data and where it is stored, said Owen Wild, global marketing director for financial services security solutions at NCR.
“The challenge is determining the ownership of the database that you’re validating against,” he said. “Who owns and runs that? Will it be the individual financial institution or a centralized authority? Who is going to secure it?”
Wild also noted that widespread use of biometrics is easier to accomplish in countries that have few banking options, or with centralized state control of the banking system. In the U.S., with thousands of banks of varying sizes, it becomes much more difficult.
“While you’re seeing some individual [financial institutions] roll out this technology," Wild said, "for it to be broad-based it’s probably going to have to be something agreed upon with some form of industry standardization.”