The use of biometrics is growing in the financial services sector, making the security of the technology behind these mechanisms increasingly important. For financial institutions the primary goal of digitisation is making banking simpler and more intuitive for customers, says networking company F5 Networks senior systems engineer Martin Walshaw.
However, the real risk is the chance that a hacker could gain access to the digitised record of biometric data. The UK National Fraud Authority estimates that £3.3-billion is currently lost through identity crimes each year. Imagine how this could increase if hackers could access biometric data.
“Combining the desire for ease of use with the need to improve security is a difficult balancing act. With biometrics in banking rapidly gaining momentum, it is equally becoming an area of interest for cybercriminals, meaning the security of the apps and systems that support these mechanisms is more critical than ever.”
Although biometrics offers an extremely strong alternative to traditional authentication methods, such as passwords and personal identification numbers (PINs), no system can be 100% secure. However, having multiple gatekeepers in place can fortify the security of apps and systems.
“The more different proofs of identity required through separate routes, the more difficult it becomes for a cybercriminal to steal a consumer’s identity or to impersonate them,” he explains.
Machine learning offers the potential to help banks authenticate users, based on multiple assessments, including behaviour, appearance, voice and even the speed at which they type. With such capabilities, a user’s device can constantly calculate a trust score which verifies that the user is who he or she claims to be. According to Deloitte, together, these factors are ten times safer than fingerprints and 100 times safer than four-digit PINs.
Solutions are being developed to solve the issue of biometric records being reused when stolen. For example, a new approach is to split the biometric information between the user’s device and data centre storage, which means that, if one is compromised, the hacker will not have all the information needed to gain verification.
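To make the split-storage idea concrete, here is an added sketch that is not from F5 or any vendor named in the article. It assumes the template is a fixed-length bit string, that the split is a two-share XOR scheme, and that matching uses a Hamming-distance threshold; all function names and the sample template are constructed for illustration.

```python
import secrets

MATCH_THRESHOLD = 0.25  # assumed: max fraction of differing bits still accepted


def split_template(template: bytes) -> tuple[bytes, bytes]:
    """Split a template into a device share and a data-centre share (2-of-2 XOR)."""
    device_share = secrets.token_bytes(len(template))  # uniformly random pad
    server_share = bytes(t ^ d for t, d in zip(template, device_share))
    return device_share, server_share


def combine(device_share: bytes, server_share: bytes) -> bytes:
    """Rebuild the template; both shares are required."""
    if len(device_share) != len(server_share):
        raise ValueError("share lengths differ")
    return bytes(d ^ s for d, s in zip(device_share, server_share))


def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bit positions in which a and b differ."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))


def verify(sample: bytes, device_share: bytes, server_share: bytes) -> bool:
    """Accept the fresh sample if it is close enough to the rebuilt template."""
    template = combine(device_share, server_share)
    return hamming_fraction(sample, template) <= MATCH_THRESHOLD


def flip_bits(data: bytes, n: int) -> bytes:
    """Flip the first n bits, standing in for sensor noise between two scans."""
    out = bytearray(data)
    for i in range(n):
        out[i // 8] ^= 1 << (i % 8)
    return bytes(out)


if __name__ == "__main__":
    enrolled = bytes(range(32))            # constructed 256-bit template
    device, server = split_template(enrolled)
    fresh_scan = flip_bits(enrolled, 20)   # same user, slightly noisy scan
    print("both shares present:", verify(fresh_scan, device, server))
    # Breach of the data centre only: the device share is missing, so the
    # stolen share is compared as if it were the whole template.
    print("server share alone: ", verify(fresh_scan, bytes(32), server))
```

Each share on its own is statistically indistinguishable from random bytes, so a breach of only the device or only the data centre yields nothing that can be matched or replayed.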
“Despite its potential, biometric-based authentication is not fail-safe and poses its own security challenges. The unique nature of biometric verification and the fact that the digitised record is stored and encrypted locally in a secure portion of your device [do protect the data better] than traditional verification methods.”
Further, the risks surrounding this type of data are greater. Unique, permanent biological identifiers cannot be changed or replaced in the event of a breach, so they may have dire consequences if they end up in the wrong hands.
New techniques are emerging that remedy some of the typical challenges associated with biometric solutions, including a lack of capability on the user device and verification failure (facial recognition is prone to problems with lighting conditions).
“Regardless of its challenges, biometric technology provides organisations with another layer of defence against cybercriminals, while simultaneously streamlining the customer experience,” says Walshaw.