Banking and biometrics – a whirlwind romance?
As Bob Dylan, famously sang, The Times, They Are A-Changin’. Once, the tools required to carry out a bank raid usually comprised a shotgun, old stockings and a bag labelled “swag”. Today, it’s a laptop, computer programming skills and patience, writes Anthony Duffy.
The nature of the crime is changing too – previously, the goal was often to get away with a few thousand pounds, before lying low for a while. Now, the “prize” sought may be the theft of millions or the personal details of thousands, to be then sold on. Then, having proved the approach, the trick is to move quickly and try a similar heist with another bank, before the industry has had the chance to share intelligence which might thwart the attack.
Of course, fraud has always been a challenge for the financial services industry. Financial Fraud Action UK estimating that it cost the British banking industry around £475 million in 2013 alone. And, Benjamin Lawsky, who heads the New York State Department of Financial Services, was recently reported as saying cybersecurity experts tell him that they only meet two types of CEO – those “… who have been hacked and know it and people who have been hacked and don’t know it”.
Research recently undertaken by Fujitsu suggests that only a third of financial services are “very confident” that they would be able to guarantee security measures in the event of an IT failure. Little wonder, then, that the industry knows that it will have to increase spending on security measures if actual losses are to remain “manageable”. JP Morgan’s chief executive, Jamie Dimon, has recently pledged to double his bank’s spending on cyber security over the next five years, in response to an attack which saw the records of 83 million personal and business customers possibly compromised.
Against such a background, it is no surprise that the banking and payments industry is moving quickly to deploy biometric identification systems. Even those without an in-depth interest in banking and payments, will have found it hard not to notice the surge in announcements about biometric deployments that have occurred since the summer of 2014.
In September, Apple announced the launch of its new iPhone 6, together with an accompanying electronic “wallet”. Apple Pay will enable users to make payments by passing their iPhone across a reader and then verifying the transaction via Touch ID fingerprint technology.
In the same month, Barclays announced that corporate customers would be invited to access accounts using a biometric finger scanner. This initiative complements other biometric solutions that the bank has in hand, including voice recognition systems for its private banking clients launched in 2013.
And, in October, MasterCard announced the plans to introduce a contactless payment card. Working with the Norwegian company, Zwipe, this initiative sees a biometric sensor embedded in the card plastic, allowing customers to benefit from an added layer of security without needing to change their existing payments behaviour.
Such systems, which are highly accurate, cost-effective and scalable, deepen bank defences by providing an unequivocal link to an individual, event or transaction while being very hard to forge. Yet they have been around for some time, so why the apparent sudden interest in this particular form of security? Perhaps the answer is that, previously, the industry lacked a catalyst for change. And now, as media stories reporting security breaches appear more frequently, banks are prioritising the maintenance of customer confidence in their industry, systems and products. Thus banks are looking to additional forms of protection that customers can see meet their unique needs.
At Fujitsu, we have seen customer interest in biometric technologies first hand. We have deployed palm vein-reading ATM equipment around the world, including Japan, Turkey and Brazil. Customers appreciate the third level of identify authentication that the system can bring to plastic card usage, while also speeding up and simplifying the personal identification process that is required to support many other banking transactions.
Furthermore, by embedding palm vein readers in laptops, tablets and the PC mouse, we have also been able to bring-to-market a range of office equipment which utilises biometrics to accelerate computer log-on, thereby strengthening security while also enhancing productivity. By deploying biometric technologies to manage building access, key areas which could be the source of potential attack – such as data centres – can be more tightly controlled. And by using biometric technologies such as voice and speech recognition tools, banks can also enhance the speed, accuracy and quality of identification services that they offer to customers.
Our solutions are particularly relevant to SAP systems, where the sensitive data often contained within them is increasingly coming under attack from external hackers and internal corporate security breaches. Furthermore, once inside a SAP system, it is easy to navigate from department to department without check. Fujitsu’s PalmSecure technology, developed in partnership with real-time North America, has developed a biometric solution which requires rigorous sign-on and regular re-authentication processes within a work session, as well as ensuring that the user has the appropriate security level and approvals which have been pre-determined as required to conduct transactions within a given area of the system.
At Fujitsu, we think that deployment of biometric technologies is still in its infancy, yet it will become more commonplace. Customers will become increasingly comfortable in using it, particularly as other industries – such as mobile telecommunications – hurry to embrace it. But we also think that a key driver of its adoption lies in its strengthening of security, thereby helping banks stay one step ahead. After all, as Dylan put it:
There’s a battle outside
And it is ragin’
It’ll soon shake your windows
And rattle your walls
For the times they are a-changin’.