Cyber security used to be almost a box ticking exercise at banks, a boring compliance task. No more. Today it is a board level consideration as the scale of the attacks, the amount of damage and the sophistication of criminal hackers escalate.
Morgan Stanley and JP Morgan have had serious security breaches in recent years and months, resulting in millions of records becoming public. And Swift, the system banks use to send payment instructions worth trillions of dollars each day, was hacked at least three times over the summer. At Sibos, its annual conference, Swift announced the introduction of a set of security standards and an associated assurance framework for its customers.
Meanwhile new cyber security regulations for banks proposed in New York would require financial institutions to implement measures to detect and deter cyber intrusions and protect consumer data.
So it is little wonder that the heads of global cyber security at major banks are shopping for new technologies to shore up their defenses. And biometric solutions are among those at the top of the list.
“Banks are recognizing that there is a need to step up efforts and innovation and combine these two,” says Michael Dooijes, Startupbootcamp FinTech & Cybersecurity’s Amsterdam-based managing director and a former head of the ventures and innovation team at Rabobank, of the largest banks in the Netherlands.
Biometric technologies that authenticate users via their eyes, face, voice or gestures help financial institutions kill two birds with one stone: they are supposed to be harder to hack than passwords and they take the pain out of user authentication, helping banks retain customers, including millennials who are increasingly bypassing banks to do peer-to-peer and other financial transactions through start-up apps or social media.
Big banks have been interested in biometrics for years but the tech has only recently become sufficiently accurate and cost effective to use at scale, in part due to the fact that mass market phones, such as some iPhone models, have touch pads that can scan fingerprints. The more people become accustomed to biometric security through services like Apple Touch ID, the more they expect those sorts of measures to be implemented by their banks.
Banks are responding to that demand. India’s Yes Bank announced in October that it is introducing iris-scanning biometrics technology for both point-of-sale and ATM use, in the U.S. Bank of America, Chase and PNC are offering fingerprint sign-in. Several banks, including Citi, are testing voice recognition, Mastercard and Lloyds have introduced facial recognition “selfie” biometrics, Barclays has launched finger vein scanning capabilities, Halifax, a British bank operating as a trading division of Bank of Scotland, has tested a heartbeat verification system and Denmark’s Danske Bank has deployed behavioral biometrics technology.
The Innovator’s take? Expect more banks to embrace biometrics. Biometric solutions are likely to be combined with other technologies, such as distributed ledger, for the establishment of digital IDs and exchange and protection of personal data.
That is the case of a program led by banks in Canada that is being hailed as the largest privacy-by-design consumer digital identity service initiative to date.
When fully launched in 2017 the Canadian program will build on top of the secure digital ID that banks have already established nationwide with the help of SecureKey, a start-up specialized in secure identity and authentication. In addition to blockchain technology SecureKey uses biometrics to ensure the identity of the person logging in. (see How Blockchain Will Allow Banks To Become Brokers of Personal Data.)
Below find six biometric start-ups to watch:
What it does: context-aware mobile biometric security authentication
Why it’s hot: The company uses a combination of behavior, facial and voice recognition to verify a user’s identity. It was chosen to participate in the first cohort of CyLon, the UK cybersecurity accelerator, and was a winner of an acceleration award in a recent UBS Future of Finance global start-up competition.
What it does: Uses the way a customer types, swipes and holds their devices to authenticate their identity through their own behavior pattern.
Why it’s hot: Allows users to choose an authentication method based on a selection provided. The company won “Best European Fintech Company” and “Best Risk, Intelligence and Security” company at the 2016 European FinTech Awards.
What it does: Encap’s platform allows banks to add authentication methods, such as Apple’s Touch ID and Samsung’s fingerprint sensor, as they become available and allows customers a choice on what type of authentication they want to use.
Why it’s hot: Its platform has been selected by Norway’s BankID for a pilot program to test in-app authentication. BankID is now used by 80% of all adults in Norway to prove their identity to various organizations, including all government departments, and all of the country’s banks and mobile operators. Encap Security was acquired in June and is now owned by the U.S.’s Allclear, a provider of identity theft repair and credit monitoring services based in Austin, Texas.
Kansas City, Missouri
What it does: Eye-based mobile biometrics, using eye veins and other micro-feature in and around the eye for authentication.
Why it’s hot: The company claims that over 45 financial institutions have launched Eyeprint ID, including Ant Financial, the payments affiliate of China’s Alibaba, which is using it to secure hundreds of millions of consumers’ online data and transactions. EyeVerify was acquired by Ant Financial in September 2016 and is now a subsidiary of that company.
Tel Aviv, Israel and London, England
What it does: provides secure online authentication through face verification, protecting against theft or phished biometric credentials on smartphones, laptops and tablets.
Why it’s hot: It was the winner of the Cybersecurity & Biometrics prize in the 2016 KPMG Innovation Challenge in January of this year. It also won a fintech innovation challenge organized by Sony and as a result was chosen for a proof-of-concept project at Sony Financial Services.
Tel Aviv, Israel and Palo Alto, California
What it does: authenticates mobile users by analyzing their touch screen habits.
Why it’s hot: It aims to increase conversion on mobile apps and websites by eliminating the time spent on passwords and SMS verification, while simultaneously reducing fraud.