The rising importance of one of the most exciting technologies in financial services – biometric authentication – has been marked by Mastercard’s European rollout of Identity Check Mobile, a payment application that allows users to authorize online purchases using fingerprints or facial recognition.
This is clearly an area with huge potential for growth and innovation, but as more and more financial institutions (FIs) jump on the biometrics bandwagon, one of the big concerns for law enforcement agencies and regulators will be the evolving threat of fraud.
‘No compromises on security’
Mastercard said Identity Check Mobile will make online shopping simpler for consumers, without compromising safety and security. The technology is designed to eliminate the need for customers to enter passwords to complete purchases, which Mastercard said can be time-consuming and sometimes results in aborted transactions. Users can verify their identity using a smartphone fingerprint scanner or via facial recognition by taking a ‘selfie’ photo.
The service was successfully trialed in the Netherlands, the US and Canada and is now being rolled out across 12 European markets, including the UK, Germany, Spain and Sweden. A phased global rollout will begin in 2017. During the trial, nine out of ten Dutch participants said they would like to permanently replace password authentication with biometrics for web purchases.
Ajay Bhalla, president of enterprise risk and security at Mastercard, said: “We are relentlessly focused on making the online payment experience near frictionless, without making any compromises on safety and security. This is a significant milestone in the evolution of payments. Shopping in person has been revolutionized thanks to advances like contactless cards, mobile payments and wearables, and now we are making Identity Check Mobile a reality for online shopping in Europe, and soon, the world.”
Staying ahead of evolving threats
It’s crucial to remember that, as security-focused technology evolves, so do the methods used by criminals and so must the safeguards put in place to protect customers and their sensitive data.
The potential security risk of increased use of biometric authentication in financial services was recently highlighted by Andrew Tyrie, chair of the UK government’s Treasury Select Committee, in an open letter to Sam Woods, chief executive of the Prudential Regulation Authority. The committee has heard evidence suggesting that biometric data can be “relatively easily obtained by fraudsters”.
Mr Tyrie wrote: “By definition, even when compromised, biometrics cannot be changed by the customer. If so, banks – and regulators – will need to plan for what they will do if customer biometric details are lost and/or illegally obtained by third parties. They will also need to consider how affected customers would be compensated.”
According to recent research by cyber security firm Kaspersky Lab, criminals are already selling biometric skimmers with the capability to steal ATM users’ fingerprints, while devices that can steal data from palm vein and iris recognition systems are in development.
While these are very real threats, it’s unlikely that they will stem the growth of biometric authentication in financial services over the coming years. According to market research solution Reportlinker, this sector will deliver global revenue of $2.2 billion by 2024, up from $126 million last year.
Rather than letting the threat of fraud discourage the adoption and expansion of the latest technologies, FIs, regulatory bodies and third-party service providers must challenge themselves to be quicker and cleverer than the criminals, constantly staying one step ahead of those who pose a risk to the law-abiding public.