The European Banking Authority (EBA) recently confirmed that behavioural biometrics is a suitable technology for strong customer authentication for compliance with the Payment Services Directive 2 (PSD2). The use of biometrics is already on the rise and has been adopted by most Millennials. With the introduction of new financial regulations - PSD2 & 3D Secure 2.0 - this is likely to increase as the technology becomes more accessible.
In terms of biometrics, there are two separate types which can be used for the identification process. Hard biometrics are the most well-known, for example, facial recognition, fingerprints and iris scanning, but there are also soft biometrics - behavioural characteristics which are personal and unique to each individual, such as how people type, move their mouse or hold their smartphone.
Avoiding digital isolation
As we continue to see a rise in the use of biometrics, we need to ensure that we don’t isolate pockets of society that don’t have access to these technologies. The EBA has already released a report on the potential monopoly of device manufacturers around biometric technologies. But would all areas of society have access to these devices, and what about those who don’t have access to smartphones?
According to Deloitte, 85% of the UK have access to a smartphone – so what about the other 15%? Banks need to ensure that their customers are able to authenticate against their expectations as well as the banks’. Using multiple authentication methods can be a better approach from both a customer experience and security point of view.
Are biometrics secure on their own?
Recently, security limitations around biometrics have been a focus. Using just one type of biometrics on its own is not 100% secure and should not be used for something as sensitive as a payment method. In some cases, fraudsters are calling financial institutions, claiming their biometric method is broken and they’ve forgotten their password, bringing biometrics directly into the traditional fraud models around identity fraud.
In order to guarantee fraud prevention, hard and soft biometrics must be combined with advanced machine learning - something we call Intelligence Driven Authentication. PSD2 requires two factors for strong customer authentication, and biometrics fall into the inherence, or ‘something about you’, category. The event-based authentication that the Callsign platform provides uses biometrics alongside thousands of data points to ensure identity, meaning organisations can understand their customers’ profiles in order to guarantee the security of their information whilst reducing false positives.