Biometrics not yet ready for banking transactions

Biometric technology will not be ready for banking transactions before 2016, although the technology is maturing fast and ready to support some identity applications, one security expert said. “Biometrics will play a major role in de-duplication of registrations and enrollments, as they have the potential to ensure that a person can be enrolled once and there can be a secure binding between them and their credential,” Colin Whittaker, head of security at U.K. payments association APACS, said. “But don’t expect them to biometrically verify themselves to the credential anytime soon everywhere.” Whittaker said voice biometrics looked promising, but replacing the PIN was a far more challenging proposition. “Voice biometrics is relatively low cost as it uses the existing phone network, it’s non-invasive, avoids the need to keep secrets and it’s a natural method of human recognition,” he told AusCERT 2008. “But there are challenges related to background noise, forgotten or mispronounced pass-phrases, aging or sickness and differing voice formats.”

Biometrics could add a third security factor to existing chip and PIN systems, but “while we’re worried about consumers writing their PINs on their cards, what will happen when consumers leave their biometric — their fingerprint — on the card?”. Fingerprint biometrics can be stolen or faked, while proprietary algorithms underpinning many systems are causing interoperability problems. In addition, the cost of deploying scanning terminals and unreliability of using biometrics at a busy ATM, for example, are obstacles. “If there is a false match, oops, you’ve let the bad guy through,” Whittaker said. “If it’s a false reject or non-match, oops, you’ve rejected a valid customer.” Financial institutions may come under pressure from consumers and retailers to introduce biometrics sooner due to increased fraud levels, political or media pressure, and new technologies such as multi-function smart cards.