Biometric identification is theoretically far more secure than simple ID and password because you know it is the account holder at the end of the line, at the terminal terminal, while anyone can steal an ID and password. Three factor digital identification was considered the ultimate system:
Source & Copyright©2008 - Smart Card Alliance
Physical and voice recognition systems are now widely available, including:
- Scanning fingerprints, irises, faces
- Scanning blood flow in a finger, e.g. Barclays Biometric Readers, see
- Voice recognition, e.g. HSBC voice recognition security system.
Barclays claim that their solution eliminates the need to remember PIN and passwords AND, critically for the corporate treasury department security manager, also removes any PIN/password sharing.
BUT this ‘front-door’ security is not enough, Barclays have developed a model that provides much better risk mitigation using multi-layered security. Solutions include:
- session monitoring
- preventing phishing and PC takeover
- payments profiling which identify fraudulent transactions.
Behavioural biometrics are coming of age
The new dimension in security solutions is behavioural biometrics in which, as in the Barclays security model, the user’s behaviour is tracked to see whether it is normal, e.g. is the rhythm of data entry normal? is this a normal payment for this organisation?
In their recent paper, Behavioral Biometrics - Improve Security and the Customer Experience VASCO define Behavioural Biometrics as:
- “capturing a user’s patterns of typing, swiping, and mouse behavior, etc. It then converts that activity into a behavioral “fingerprint”. Behavioral biometrics compares the user’s subsequent behavior against the behavioral fingerprint stored in their profile.”
An important element of behavioural biometrics is that it can be used continuously. Vasco believe that , “Behavioral biometrics support contextual authentication by monitoring a user’s activity during a session. Monitoring, and where appropriate authenticating the user during a session can help weed out sophisticated cybercriminals with the ability to overcome a bank’s initial login security measures, or insert themselves during a session. One of the strengths of behavioral biometrics is that it runs continuously; if a session is taken over by a fraudster, it will be detected. “This is superior to a solution that only authenticates a consumer one time at the beginning of a session.”, claims Shirley Inscoe, Senior Analyst with Aite Group.
In the corporate treasury department too?
Aite’s Inscoe believes that behavioral biometrics has staying power because, “Cybercriminals have been able to defeat every safeguard that financial institutions have implemented over the years, so anything is possible. However, behavioral biometrics will be more difficult to overcome because each individual has a behavioral profile, which is constantly compared to activity being performed during a session. As long as the analysis is taking place, and the financial institution is acting upon the results promptly, the fraudsters should be thwarted.”
The improvements in fraud prevention from using behavioural biometrics are proven and long lasting. When will corporate treasury system suppliers adopt them too? Surely the level of losses in some corporate treasury departments warrant a new approach?
Behavioural biometrics is changing the fight for online security
Robust authentication processes are the only way to fight and prevent online fraud and behavioural biometrics is being increasingly looked at as a way to deliver secure, reliable authentication
Biometrics is the answer: what is the question?
Identifying who is really there is the question. The answer is new form of multi-factor authentication
Biometric recognition is coming, solving the ID problem everywhere? Not just yet..
Face, finger print, intra-vein, voice, iris readers for biometrics recognition are now available, but which should you use? And where?