Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
Editor's Blog and Industry Comments

Biometric authentication adoption for on-line banking

19 February, 2015
RBS and Natwest are pushing the adoption of biometric authentication technology with the use of iPhone fingerprint identity as an option for transaction authority

The latest move by one of the top UK banks to replace PIN and password combinations with biometric technology has caused some controversy amongst end users and the IT security industry. Much of this controversy centres around the fact that the iPhone fingerprint scanner was the subject of a seemingly simple hack shortly after its launch.

The bank is mitigating this risk by placing transaction size limitations and restricting access attempts to just three times to prevent repeated attempts by unauthorised users to gain access to accounts.

Despite the criticisms, the bank is doing the right thing by advancing user convenience, recognising the smartphone as the device of choice for banking transactions and deploying the very latest security technologies to protect its customers.

Whether the iPhone fingerprint sensor is the best choice for such risky transactions or not isn't really the point, it's the fact that a fundamentally different authentication technology is being offered to customers. With the large banks on board, the security industry will rise to the occasion and develop faster, smarter, more reliable and more secure technology to meet the market need. So far, the biometric industry has been a bit niche, developing at a relatively slovenly pace and meeting the market needs of only high-tech and high-ticket sectors.

Fingerprint recognition technology is arguably the least secure biometric and so face and iris recognition technology providers will see this as their opportunity to reach mass markets but only if they're able to step up to the oche.

Predictably, the security industry has had mixed feelings about the availability of biometric authentication to on-line banking users. Ping Identity sees the use of biometrics as a necessity for banks to remain competitive in the battle for younger smartphone users. The company's Jason Goode told us: "Biometric technology such as fingerprint recognition not only facilitates a faster service in our on-demand culture, but it also centres on the user’s identity- a crucial aspect. By deploying systems that centre on a customer’s identity and recognise returning customers to give them quick and easy access, banks can avoid any exodus and allow both their businesses and their customers to truly realise the benefits of secure online, mobile access to their finances."

With lost and stolen passwords being the top cause of data breaches, Verizon also welcomes the move to biometrics but believes the associated risks should be mitigated by a second factor. According to Verizon's Stephen Keenan, "Biometrics should not be used in isolation, and should instead contribute to what’s called a “multifactor” authentication scheme, as this can vastly improve identity proofing by pairing “something you know” such as a username and password combination with “something you are”, making it much more difficult for a criminal to hack into systems pretending to be you."  

As for the critics, security experts and pundits can wring their fingers in anxiety as much as they like but progress won't stop and it's already time for stodgy authentication technologies that haven't changed for 35 years to move into the next phase and embrace biometrics as a viable and mass deployable technology either with or without a second authentication factor.

Jonathan Newell is a broadcast and technical journalist specialising in security systems and transport safety. He contributes to a range of titles in the technical press. He shares his time between the UK and Kazakhstan

Bookmark and Share