Five trends of authentication technology to enhance transactional security

 As digital devices and software applications become more and more pervasive in our daily lives, the more we need to worry about data security. During the past few years, hackers have released some especially powerful forms of malware and ransomware that threatened businesses throughout the world by stealing their internal data or disrupting their operations. 

Consumers might believe that they don’t need to worry much about these attacks, since they are being directed against corporations and factories. But hackers have regularly proved they are determined to access the personal data and transaction records of individuals.


As a result, businesses around the world are prioritizing protection of customer data. Banks, most of all, are paying a lot of attention to data security. One result is development and implementation of five new technologies to verify user identity to enable digital transactions, including use of ATMs.  These new authentication technologies will raise the bar for digital banking security, so that customers can bank online with ease, confidence and safety. 

 

Finger scan authentication has already become widely familiar since 2013, when Apple’s Touch ID system was launched with the iPhone 5s. Competitors soon rolled out their own versions. Now five other authentication methods are being developed and implemented for digital banking

 

1. Iris Scanner
 

TSB Bank of the United Kingdom claimed to be the first financial services provider in Europe to implement the use of iris scanning authentication. A customer using the bank’s mobile application can scan an image of his or her own eye to log in and enable transactions.


The iris scanner uses both a phone’s camera and its infrared LED. The camera captures the image of infrared light reflecting on the user’s iris. This capability is supported only by certain smartphones, such as the Samsung Galaxy S8 and S8+. The user simply looks at the smartphone screen to log in to the bank’s app automatically. 


An iris scan is a highly secure way to verify a person’s identity, even more so than a fingerprint scan or voice pattern recognition. The human iris has 266 unique patterns, whereas a fingerprint has only 40. Nevertheless, one hacker claims that he can deceive an iris scan by printing a photo of an iris in night mode, placing a contact lens over the photo, then scanning it. As a result, this technology is still being scrutinized. 

2. Voice Recognition Security System
 

Voice biometric authentication identifies an individual based on the patterns unique to each person’s voice. 

 

Barclays and other banks in the United Kingdom have launched voice authentication systems for trial use by customers. After the user utters a service request, the system analyzes his or her voice and instantly matches it to the right account. This lets a human customer service representative skip the hassle of asking for customer information before handling a request.



Nevertheless, this technology has been found to have a vulnerability. After HSBC began using voice I.D. for customers in the U.K., a BBC reporter fooled the system in 2017 by mimicking the voice of his non-identical twin brother, who was a bank customer, gaining access to his account. This generated skepticism about the safety of voice recognition. 

 

Prof. Alan Woodward, security system expert at the University of Surrey, told the BBC that it is dangerous to rely on only a single biometric system for security, since patterns can be hacked, as in past cases where fingerprints were copied from imprints on gummy bear candies or via photograph. He advises using an additional layer of information such as a PIN code entered by the user.  


3. Palm Vein Pattern Authentication

 

Since a fingerprint scan can be hacked, researchers turned to scanning the user’s entire palm for authentication. The system records the pattern of veins in the hand, and is safe and accurate. The user does not need to directly touch the device.

Fujitsu, the Japanese computer company, is a leader in this technology. From 2004 onward, a number of leading Japanese banks began using palm vein authentication devices to log in customers. The system allows customers to perform a transaction without using an ATM card or passbook. It is also used in banks’ internal operations to prevent fraud. An accuracy test found that the system’s error rate was only 0.00008%. 


Brazil’s Banco Bradesco, which uses the Fujitsu system together with ATM cards and user codes, found that it authenticated some 700 million transactions without a single instance of fraud. In contrast, transactions authenticated via account code, PIN or citizen identification number did result in errors and fraud. What makes it so secure is that the vascular patterns of the hand are a unique physical identity that cannot be easily imitated or changed. Furthermore, this technology has helped reduce influenza contagion, since it does not require physical contact.

 

4. Geolocation

One new technology that does not involve biometrics is geolocation, which identifies the user’s location online in real time. This information then allows authentication with accuracy that is said to be greater than using biometric systems. A Hong Kong-based startup named Pulse ID is one company developing this type of system. 


5. Facial Recognition
 

Apple turned to facial recognition technology with the launch of its iPhoneX model in 2017. The company said that facial recognition had a low error rate of 1:1,000,000, compared to 1:50,000 for fingerprint recognition. 



Other companies are also adopting facial recognition. Three banks, Lloyds, Halifax, and Bank of Scotland, collaborated with Microsoft to roll out a system to authenticate customers who log in to their banking websites via computers using the Windows 10 operating system. 


Following in the wake of Apple and even earlier pioneers, other smartphone makes will roll out their own facial recognition systems in the near future. This will certainly impact financial service providers and mobile transaction platforms. Just a few years ago, this technology would have seemed “futuristic.” Already it’s becoming part of our daily lives.