Gemalto’s latest e-Banking survey results have highlighted the willingness – and appetite – of end-users to use biometrics. local banks have an opportunity to move past passwords and mere transaction security and add real value by introducing biometrics according to Marwan Elnakat, Director Digital Banking Solutions for the CISMEA region at Gemalto.
In the local banking context where competition is increasing, authentication is a critical means of building customer loyalty and improving the overall brand experience – making the experience about far more than just logging-in and accessing your money.
“Customers want the assurance of convenience and security which, in the banking context typically means strong, multi-factor authentication.” He notes that two-factors usually combine “what I know” and “what I am” – allowing banks to combat phishing and other cyber-attacks. “Strong authentication however, may come at the expense of user convenience, which is where biometrics potentially comes into play. By replacing a solution like a token with a fingerprint, facial imaging, iris or voice authentication, it can suddenly become far easier for customers to confirm their identity.”
While financial services have started making use of fingerprints, Gemalto’s latest eBanking survey results show that facial image recognition, iris scanning and vein networks recognition become increasingly popular when customers are given the option of using them. Local findings echo this with 90% of people surveyed willing to use fingerprints; 47% iris recognition; 46% facial recognition; and 38% voice recognition when it comes to accessing their bank accounts.
“These results are significant, especially given that 59% of South African participants are prepared to use biometrics if offered. This number also represents the highest rate out of all countries surveyed,” says Elnakat. Interestingly enough, 87% of these respondents indicated that they are willing to use biometrics because they believe it to be more secure. Given how quickly biometrics is evolving to include behavioural components, local banks would thus do well to act and implement these far more sophisticated and convenient secure solutions.
“Behavioural biometrics measures unique identifying patterns in a customer’s activities, creating a real-time context for the analysis of their digital banking transactions,” explains Elnakat. “It does this by analysing the way a user types and swipes, as well as holds their phone – and then uses this to establish a unique behaviour pattern for the user. Based on this, the user is subsequently able to authenticate him or herself using these patterns.”
Context learning and behavioural biometrics can then be used as one of the ways to determine if the person is the “right” person (as opposed to a “particular” person). It is consequently one of the technology bricks incorporated into Gemalto’s Assurance Hub, which collects a broad range of information including that relating to geolocation, IP addresses and velocity checking through selected and pre-integrated partners. This risk assessment hub can also integrate with third-party providers to allow banks to have a comprehensive set of assurance assessment services from a single unified platform.
Elnakat explains that because it’s an intelligent system that “learns”, it’s able to draw on a customer’s typical behaviour and use these to prompt them to authenticate themselves when it doesn’t match their existing profile. “More importantly, when the profile and behavior do match, they can potentially complete their transaction without the hassle of entering a password or pin. They simply need to be themselves.”
With local end-users clearly ready for the shift towards biometric authentication, banks need to respond appropriately – implementing best practice systems and procedures if they want to leverage both the security and convenience biometrics brings. “This makes it an interesting and exciting time for our banking and financial sector,” says Elnakat. “Given the potential and willingness for uptake, consumers will soon be required to do far less to prove they are who they claim to be, whilst feeling far more confident that their data and money are safe and secure.”