"OneSpan has a mobile security suite which allows developers to easily integrate security capabilities into their existing mobile apps, including biometric authentication. "
Sam Bakken, OneSpan Product Marketing Manager
We’ve all seen the Mission Impossible films where the IMF team have to employ all of their skills in order to crack top secret high-security encrypted systems using retina scans, voice recognition and even gait analysis. Although it once seemed incredibly futuristic, the reality of us all using biometric authentication technologies in our day to day lives to access things such as our bank accounts is very much in the here and now.
Biometric authentication is a security process that relies on identifying the unique biological characteristics of an individual in order to verify them before allowing access to a system. Biometric authentication systems compare your biometric data (e.g., your face, fingerprint, etc.) to your stored pre-authenticated data and, if both match, authentication is then confirmed.
Many of us are already using biometric authentication everyday such as using fingerprints and facial recognition technology to access our devices, but when it comes to protecting our most important data – such as our online bank accounts – most of us are still logging on using the traditional username and password approach. However, the growing use of biometric technologies is changing how we will access our bank accounts with the aim of vastly improving both online security and the user experience.
There are, however, still many misconceptions about how biometric technologies actually work and exactly how they can be integrated into existing technologies and this has the potential to impede its overall adoption.
To find out more, we spoke to Sam Bakken, Senior Product Marketing Manager from OneSpan, a digital identity and anti-fraud technology company based in Chicago who specialize in securing remote banking transactions.
Many of us are still using usernames and passwords to access our bank accounts. Do you think there is still a level of mistrust in biometric authentication technology?
“Traditional authentication methods such as usernames and passwords can be easily shared and can be stolen during a data breach. What makes biometric authentication systems different is that they don’t depend on the biometric itself – e.g. the person’s face - necessarily being secret. It is the liveness detection and anti-spoofing technology which are used to ensure that the user really is there with the device in question.”
Is it possible for facial and fingerprint recognition to be fooled by a static fingerprint or a photo for example?
“Consumer-grade facial and fingerprint technology used on your devices often lean more towards convenience rather than security. Liveness detection and robust anti-spoof technology are just two of the techniques used in biometric security for mobile banking, which prevent ‘presentation attacks’ - this is where people attempt to defeat security through using things such as masks or photos.“
Data privacy is always a hot topic, should users be concerned about misuse of their biometric data e.g. their photo?
“When biometric authentication is used for logging into your bank account, the bank gives the user an option to use face recognition rather than a password – therefore, importantly, the user has given their consent. That is very different from the scenario where, for example, someone’s face is being used without their permission, e.g., to locate them in a crowd. In biometrics, you don’t actually store photos, you store an encrypted mathematical representation of the face.”
Some people are of the opinion that biometrics aren’t practical over the long run because technologies like facial recognition or fingerprint scans won’t work as a person ages and their features or voice changes, is there any truth to that?
“The reality is that changes to your face or voice happen over such a long period that this is a non-issue. Ultimately, as consumers are authenticating regularly, any changes can be updated by the application over time.”
I understand how biometric authentication is used once you actually have that person’s biometric data, but how does it work for the digital on-boarding of say a new customer?
“One example of this is ‘ID verification’, for example, where the User needs to provide proof of ID such as a driver’s license. Using facial comparison, the User’s image can be compared to the driver license photo, so the User doesn’t need to be known beforehand.”
It seems surprising that biometric authentication isn’t more commonplace, especially in areas such as online banking. Is it because it is difficult technology to incorporate into existing software?
“OneSpan has a mobile security suite which allows developers to easily integrate security capabilities into their existing mobile apps, including biometric authentication. Most importantly, it provides the building blocks to ensure you are building a secure application.”
It’s clear that biometric authentication is a rapidly evolving industry, what other technologies might we see in this space in the future?
“It is interesting to think about this from what the best interfaces are, that is where the future of biometrics will be. For example, there is potentially a way to uniquely identify a person if they are wearing earbuds - you send an inaudible sound that is then reflected back through the ear canal, which can then model your ear canal and use it as a biometric identifier. Therefore, if I’m on the train and I want to look at my bank account and I’m wearing my earbuds, I wouldn’t need a fingerprint, or need to scan my face, or speak to my device - my ear canals could provide continuing authentication as needed.”
Statistics show that attackers are paying much more attention to the mobile channel, they know that more people are banking via their mobile devices. As these mobile threats increase, banks need to take further steps to ensure that their applications are secure because they can never be sure exactly how secure a user’s device is.
With banking fraud losses estimated to be in the billions and COVID-19 causing a quantum shift in the use of online banking, there has never been a more important time for both consumers and industry professionals to learn more about how exactly new biometric technologies work and how companies such as OneSpan can help protect us and keep our financial transactions secure.