You only have to look through the newspapers of late to see that the biometrics revolution is well and truly entering the mainstream. From voice recognition, to fingerprint and retina scanning, many industries are poised to, and in some cases, already benefiting from new authentication technologies.
A beacon of best practice
The banking and payment services industry is facing a new era of innovation and compliance. Many banks are now required to deal with the Payment Services Directive (PSD2), a new EU initiative that sets out to standardise and improve the efficiency of payments across the EU. This will open up a whole new wave of strong authentication measures for the industry – which is much needed in today’s digital economy.
The online banking practice is one that is intrinsically tied to the identity of the user. Think of that goldmine of information that banks are entrusted with - account numbers, credit card details, addresses and telephone numbers. It’s not just financial fraud that could be at play here - but widespread and potentially damaging identity fraud. With our identities up for grabs by savvy hackers, the future of authentication must be one where identity is firmly placed at the heart of new security measures.
By implementing systems that focus on a customers’ identity - whether fingerprints, facial recognition or voice recognition, banks can offer returning customers a fast and convenient service and can mitigate customer losses. This point is crucial, especially in light of recent comments made by Sir Bernard Hogan-Howe, chief of the Metropolitan Police, suggesting that victims of cybercrime and online fraud should not be refunded by banks if they fail to take the necessary measures to protect themselves online. Whether you subscribe to Hogan-Howe’s thinking or not, his comments were largely informed by the rise of poor and inadequate password protection measures taken by many consumers across the UK.
But the problem isn’t necessarily with remembering passwords or clumsily using a ‘1234’ password across multiple accounts; it’s passwords themselves which are an outdated method of authentication. It is therefore encouraging to see so many of the UK’s high street banks taking tangible steps to create a new, secure access management infrastructure for their customers. It is not just the responsibility of the consumer, but the service provider to promote secure authentication, after all. The fight against cybercrime must be one of collaboration.
With the retail banking sector leading the way in rolling out alternatives to passwords, what can other industries learn? More importantly, are we seeing other sectors adopt new methods of authentication fast enough in our digital economy? Inroads are certainly being made, with President Barack Obama recently announcing plans for US federal government staff to benefit from multi-factor authentication. This is part of a wider initiative where $19 billion has been proposed for increased cyber security measures across public sector departments.
Furthermore, consumer-facing brands such as Google are protecting customers with two factor authentication. A two-factor authentication process typically requires customers to authenticate using their phone- something they “have” in addition to an existing password- something they “know”, which will result in a code being sent to the phone number when a login is requires. This facilitates a fast and more secure means of accessing an account.
Momentum and awareness is clearly building across multiple sectors to facilitate the ‘post-password’ era. However, more can be done, and we hope to see more financial institutions and other areas of industry follow in the footsteps of HSBC, MasterCard and RBS. Identity- defined security should not be a bolt-on or afterthought but rather the first line of defence in retaining customer loyalty and preventing financial fraud, today and for years to come.