Financial institutions mulling over biometric selfie to strengthen security
Suparna Goswami Bhattacharya
August 26, 2016: With the number of incidents of hacking on the rise, organisations, especially banks, are increasingly finding themselves vulnerable to cyber attacks. Various reports claim that the basic motive for data breaches is financial, which makes banks the main target.
Verizon’s Data Breach Investigations Report for 2015 found that about 89% of breaches were because of greed. Earlier this year, Bangladesh Bank fell prey to hackers, who siphoned off $81 million in a few hours.
Some experts opine that banks should do away with passwords and introduce a safer and more secure user authentication method. With ecommerce giant Amazon patenting its ‘pay by selfie’ technology, and the rapid development of biometric authentication technology, banks might just want to adopt it. Even Chinese ecommerce player Alibaba displayed ‘pay by selfie’ technology at the CeBIT event in Germany.
Xavier Larduinat, from Gemalto, says there are many sources of biometrics beyond fingerprints. “Selfie is one of them and may be attractive for handset makers to offer innovative and entertaining ways to unlock a smartphone or login to accounts. The key is to secure the way you acquire and store the reference data,” he says. Gemalto is an international digital security company.
The username/password methodology is considered highly insecure by digital security experts as it is a ‘one-factor authentication’ technique. Simple attacks, such as phishing, are enough to steal someone’s password.
Phishing is the practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information. Although biometric authentication is also a one-step method, ‘what I am’ is more difficult to steal than ‘what you know’.
The suggestion for two-factor authentication is gaining traction. Examples are ‘What I know + what I have’ and ‘what I am + what I have’.
Though experts recommend keeping different passwords for different accounts, it can get confusing for consumers. After all, in an age where most of our transactions are online, it is definitely not easy to remember multiple passwords. There’s a growing realisation that the traditional password is becoming obsolete unless tied in with multiple layers of authentication.
A Mobey Forum survey revealed that the use of biometrics could be on the rise as banks look to implement the technology to facilitate this.
Despite the obvious benefits of biometrics, not many banks have adopted them so far. On iOS devices, many banks are adopting Apple TouchID (fingerprint biometrics), but experts do not seem very happy. “This is not a security improvement despite the fact that consumers may feel it’s more secure. The passcode is still available to bypass the fingerprint,” says Aloysius Cheang, executive vice-president of Asia Pacific, Cloud Security Alliance.
Additionally, says a spokesperson from Fortinet, solutions like Apple TouchID allow multiple fingerprint entries, from one or several people. “It can’t be used to identify users.”
“Actually, the way it’s implemented today, it has almost zero impact on security, as there is always a password fall-back option. It’s all about convenience, speed, fun and innovative user experiences,” says Larduinat.