Behavioral biometrics and biometrics in payment cards: Beyond the PIN and password

To learn more about how different biometric technologies are being implemented in the financial world listen to our video interview with Howard Berg, Senior Vice President and Managing Director, Gemalto UK.

He will be answering a simple question: How can behavioral biometrics combined with machine learning and risk assessment techniques provide a much more innovative approach to on-line user authentication?

We will also see that biometric technologies are applied in cards themselves, to further help shift security away from the PIN and the password.

Biometrics can deliver a new era in digital authentication for financial institutions according to Howard Berg, Senior Vice President and Managing ​Director, Gemalto UK​

With fraud and cyber-crime continuing to make headlines with depressing regularity, preventing customers from being exposed to risk should be right at the top of banks' agendas, along with improving the customer experience.

Biometric technologies such as behavioral biometrics and biometric cards offer banks the chance to stay one step ahead of the fraudsters, who continue to evolve in terms of scale, sophistication, and ambition.

Even more remarkably, it does so in conjunction with a step-change in the customer experience.

But the margin for error is small.

Consumers will not accept their banks treating their biometric data with anything other than the utmost care and protection, so banks, in turn, must ensure their security strategy is robust and ready.

If they can achieve that, greater peace of mind can be realized without compromising the speed and convenience on which the digital banking revolution has been built.

Let's dig in.

Dow​n with PIN/password

More and more financial institutions are now looking into biometrics to replace the PIN/password and increase convenience for daily banking operations.

Why is that?

​​Behavioral biometrics for adaptive authentication

The introduction of online and mobile banking have given customers a convenient way to interact with their bank as and when they please.

However, with so many consumers still feeling that there are gaps in eBanking security, it's clear that banks and other institutions involved in making payments need to optimize security without compromising on convenience before these digital services can achieve their full potential.

Not another keyword!

Evidence is growing that consumers are growing weary of a seemingly endless cycle of clunky demanding user/name password authentication method.

With new threats emerging almost daily, measures to protect end-users from hacking and fraud have to be delivered without jeopardizing the consumer experience.

For the hard-pressed banking industry, compelling response to these challenges comes in the form of a new generation of biometric-based solutions.  ​

​

Consumers want a ​​​personalized, convenient experience

Today's banking customers demand a personalized experience, as well as a more secure and convenient banking journey. This means that the "one-size-fits-all" approach, in which new security policies and innovations are applied equally without considering the unique requirements of each consumer, is no longer the best way forward.

With the rise of Fintech start-ups and the imminent PSD2 (Revised Payment Service Directive) regulations set to increase competition in the sector, the customer experience is becoming an increasingly important differential, so a more nuanced approach is necessary.

Banks need to ensure they are one step ahead of competitors in developing an engaging and easily navigable customer experience, and new biometric technologies offer a way of achieving this.

Let's see how.

The benefits of biometrics

Using biometric data to authenticate identity is something many of us have become familiar with thanks to the prevalence of fingerprint readers in smartphones over the last five years.

Now we can look beyond fingerprints, iris or vein patterns, to unique characteristics in the way someone types on a keyboard or moves a mouse.

As the name suggests, behavioral biometrics is an innovative approach to user authentication that is based on the creation of a unique profile for every customer.

The measurement of unique patterns is not new and goes back to the 1860s. 

Telegraph operators recognized each other by the way they would send dash and dot signals. During World II allied forces used the same method to identify senders and authentication messages they received.

Today, using leading-edge big data and machine learning technologies, behavioral biometrics leverages a rich mix of personal and device characteristics to distinguish between legitimate customers and fraudsters. 

Typically this includes:

• Automatic recognition of patterns such as how keystrokes are made on a phone or tablet,
• How a mouse is used.

Furthermore, these human traits are reinforced with device-based indicators such as IP addresses and geo-location. 

Risk assessment rules can then be applied to each transaction, ensuring that an appropriate level of authentication is always proposed.

Let's take an example.

A low-value transaction in keeping with normal behavior patterns can be processed instantly. However, if a heightened risk is detected, such as an unusual location or unknown IP address, the transaction can be blocked, or additional authentication requested. ​

Geolocation, IP-addresses (the device being used) and keying patterns can create a strong combination to securely authenticate users.

There's more.

Personal habits and regular movements can be learned over time, meaning customers will have far fewer incidences of cards being temporarily blocked, or calls from the bank to check an individual transaction.

Detecting unusual ​patterns

For financial institutions, it allows them to cut operational and administrative costs, as it instantly picks up unusual purchasing patterns without the need for human involvement and provides bank managers with detailed information on the nature of the potentially fraudulent activity.

It enhances risk management processes by establishing multiple layers of assessment, such as:

• Device,
• Location,
• User behavior.

The customer, meanwhile, benefits from an effective security solution that doesn't compromise the seamless banking experience they have come to expect from digital services. 

There's more.

It also provides them with a personalized authentication journey, altering the number of verification steps required based on the transaction being completed and the user's profile.

​​Biometric banking processes must protect privacy flawlessly

The integration of biometric authentication within banking services will continue to improve with new technologies and contextual analysis techniques. 

Consumers will enjoy an even more seamless experience, but the industry must exercise extreme caution when working in this area. Biometric data is arguably the most personal and private data that anyone has.

And unlike a password or PIN number, you aren't able to change it. If personal biometric data is compromised or lost, the impact on consumer confidence in the technology could be catastrophic.

No room for error (customers are saying)

A recent study we commissioned showed that 44% of consumers would leave their bank in the event of a security breach, and 38% would switch to a competitor offering a better service.

That's why banks and other financial institutions interested in using biometric technology must work with partners who have the security and technology expertise to ensure every link in the chain is protected.

And if they don't...

their own customers won't accept it, and overall confidence in biometrics could be damaged ​– preventing the technology from ever meeting its full potential.

Discover more on biometrics and banking in our April 2018 web dossier on current trends in biometrics​.​

Unfamiliar with biometrics? Read our web dossier on what is biometrics?

Where does Thales fit in?

Thales Gemalto IdCloud Fraud Prevention is at the forefront of this new approach. Crucially, it offers a completely frictionless customer experience for online authentication.

"There is no action required by the user – [everything happens] in a matter of seconds," explains Howard Berg, the company's Senior Vice President. And as an entirely cloud-based platform, implementation is equally straightforward for banks and merchants. "No new terminals, nothing new at all," Berg adds. 

Another key characteristic of Thales's hub philosophy is the ability to embrace numerous best-in-class behavioral biometric technologies within a fully integrated, one-stop solution. 

As Berg emphasizes: "The hub is about combining with other companies who are specialists in their areas."

Biometric technology can also be applied in cards themselves, to further help shift security away from the PIN and the password​.

The arrival of the biometric payment card will allow the holder to simply touch a fingerprint sensor embedded in the card when making a contact or contactless transaction. 

To confirm the customer's identity, this image is compared with the one stored securely in the card's chip but never leaves the card. 

No data needs to be sent to a third party for authentication, eliminating the need to set up a biometric database and the risk of fingerprints being intercepted or any other tampering with the process.

What 11,000 consumers and ​​900 decision-makers say on online/mobile banking

​The study polled 900 IT and business decision-makers from the banking sector and 11,000 consumers across 14 markets who use online/mobile banking.

Some of the key findings:

• 44% of customers cited that they would switch bank if their current bank had been breached
• ​38% would leave if they knew another provider was offering better security measures.
• 51% Just over half of the professional respondents believe that their organization's customers are completely confident in their security mechanisms
•  51% of surveyed consumers believe that there are gaps in the security of online and/or mobile banking

​