Biometric authentication enables processes as simple as unlocking a smartphone and as complex as streamlining airport security checks. With that in mind, FIs are currently looking into the technology and considering what role it can play in cracking down on money laundering and facilitating KYC checks. This month’s Deep Dive explores biometrics’ viability in their security efforts.
Onboarding Security
More than 13 billion U.S. records were lost or stolen between 2013 and 2018, thereby driving up application fraud rates and costs. Some estimates project that credit card and deposit account application fraud will cost U.S. banks as much as $2.7 billion in 2020. The banks working to increase application security and cut back on these expenses must do so without introducing frictions that could deter legitimate customers, however.
Biometrics could be useful in such a scenario, as it removes traditional passwords and PINs, providing a relatively streamlined onboarding experience. These technologies are particularly successful at thwarting fraudsters, as bad actors can no longer use stolen information-based login credentials or spoofed device IDs to access customers’ accounts.
Individuals without traditional government-issued identification documents can also benefit from biometrics, as the technology essentially gives them a form of identification. This was one of the driving factors behind India’s biometric-based Aadhaar identification project, which provided such services in a country where forged documents had become common and more than half a billion citizens lacked IDs. Banks could accept Aadhaar as a form of ID starting in 2014, and one study suggests the move and other initiatives increased financial inclusion among Indian adults by 20 percent between 2014 and 2015.
Greater financial inclusion often makes AML efforts easier, as consumers without bank accounts are forced to rely on difficult-to-trace cash. Enabling these consumers to join the formal, regulated financial system could increase the number of traceable transactions, thereby boosting transparency and making money laundering more challenging. Governments and private providers wanting to promote these biometric services must assure users that they will securely handle their personal data, however.
While it may provide easier onboarding for some consumers, others could view biometrics as a barrier. Diseases such as leprosy can cause damage to the iris and fingers, which impedes eye- and fingerprint-based based scans, for example. Indian residents with similar issues have been denied necessary services after being unable to enroll their data into Aadhaar.
Transactional Security
Biometrics can also impede cross-border money laundering, though. Fraudsters may be able to forge passports, but it is far more difficult to fake biometric credentials such as fingerprints or facial patterns. That is especially true if the security measures mandate liveness detection, which ensures genuine consumers are physically present for transactions rather than holding up photos or masks of their faces.
Fraud can also be combatted at biometric-enabled ATMs, at which some banks have installed facial recognition or palm vein scanners. Financial services giant Visa has been trialing its own solution – EMV-enabled credit cards with fingerprint scanners – to allow customers to bypass signatures and quickly verify their identities.
Biometrics may help FIs serve individuals with cognitive impairments like dementia, too. These individuals may struggle to remember passwords and PINs, which biometric access removes from the process.
Limits and Considerations
Financial security is a complex issue that biometrics cannot resolve on its own, however – and that’s true no matter how useful and convenient the technology may be. Biometric data must be accurately collected upon enrollment and securely stored and transmitted if a system is to recognize a customer. Businesses must also use robust encryption and other security measures to protect those databases and ensure that fraudsters cannot gain access. A customer can change a password that becomes compromised should a hacker breach defenses, after all, but cannot change their thumbprints or faces should such information be stolen.
It is possible for the human body to undergo temporary and permanent changes, too, meaning stored biometric data may not forever align with what is presented. Fingerprints can fade as people age, for example, making it difficult for scanners to read them. Traditional passwords, on the other hand, will always perfectly match with what a company has on file.
FIs looking to improve their KYC and AML processes are debating whether to add biometric solutions to their arsenals, including whether applying this additional layer of security outweighs the risks should something go wrong. No technology is without flaws, though, and there will always be limitations to take into consideration.