Towards Biometric Banking?
How many online accounts do you have? Do you remember the passwords for each of them? What was the name of your mom’s first pet? Do not forget to regularly change your password and remember: use capital letters as well as numbers and symbols, but you cannot reuse a former password, that would be too risky!
We all have been through this. Passwords are the most common method to secure our online accounts, from email to shopping and banking. However, how many times have we hit that “Password forgotten?” button? You may have smiled, recognizing yourself in that situation, but what if you could just forget about all of this as you could access your online accounts via a simple, yet more secure method? We are already quite familiar with unlocking our smartphones with fingerprints or facial recognition. Biometric authentication is now coming to banking.
Biometric payments, already the norm in China?
Black Friday, Cyber Monday, Boxing Day… all well-known days. However, do you know China’s Singles’ Day?
China, 11th of November 2018: the world’s largest shopping event. In a day, Alibaba recorded a whopping $30.8 billion in transactions: that is more than Black Friday and Cyber Monday combined. For the record, that is 27% more than last year’s event, with a reported $10 billion generated in over an hour via Alipay, Jack Ma’s online payment solution.
What is even more interesting is how Chinese consumers paid during this event. Indeed, 60.3% of them paid via fingerprint scanning or by taking a selfie thanks to Alipay or its main competitor, WeChat Pay. Both solutions boast more than 1.5 billion users worldwide, even though mainly located in Asia. Otherwise put, 1 out of 3 Chinese use either Alipay or WeChat Pay, compared to a mere 5% for Apple Pay.
Using biometric authentication such as face or fingerprint recognition to make payments is quite new in China, as Alipay started payment via fingerprint in 2014. However, the rate of adoption is soaring: according to a survey of China’s Payment and Clearing Association (CPCA) conducted in 2016, nearly 95% of the interviewees declared they “knew about” fingerprint recognition. Also, while 70% of users were comfortable paying via their biometrics in 2016, they were 85% the year after.
Biometric payments appear to be the norm in China. Are we looking at the future of banking? Could we imagine a future where banking operations are done without passwords?
The same study from the CPCA unveils some issues: from 50% of the respondents in 2016, they were 70% in 2017 to express concerns over security using biometrics payments. Also, 77.1% of the people surveyed in 2017 were concerned about privacy issues.
A trend also observable in the USA
What about other places? Looking at the USA, the trend is alike. In fact, a study from the Federal Reserve showed that even though more than 67% of the US adult population owns a smartphone – that is an Internet-enabled phone – only 43% of them use mobile banking, the main reason behind being concerns about mobile banking security. In fact, 67% of the interviewees declared that technology security was the main issue for them not to use mobile payments, and a whopping 73% do not use mobile banking for the same reason.
Source: Federal Reserve study
Additionally, more than 95% of online attacks are made via stolen passwords, one of the most common way to secure one’s online banking account. Therefore, the use of biometrics is more than relevant to address these concerns, as it can give customers a strong proof of high security standards for mobile banking and payments.
The use of biometrics by major banks is already underway. Citi partnered with NICE to deploy voice recognition. The solution developed by NICE can identify someone using several vocal patterns, understanding pronunciation, accents, voice tone etc. When customers call the bank, they are identified in real-time, within 15 seconds and without having to answer the traditional security questions.
Bank of America Merrill Lynch integrated fingerprint and facial recognition to its CashPro banking platform to offer a seamless experience on their application. CashPro boats nearly half a million active users today, and more than 28,000 payments approvals were made through it during the first quarter of 2018: that is 188% more than the year before.
Biometrics in European banking, the necessary innovation pushed by new digital usages but also by law
The European Commission rolled out its Payment Services Directive 2 (or PSD2) to make online payments more secure. The Directive will be revised in September 2019 to end the text confirmation method whenever an online payment is made. In France, 85% of online transactions are being validated via this method, which is deemed not secure at all according to the European Commission: a credit card and a smartphone can be stolen at the same time.
Also, the One-Time Password (OTP) method via 3D Secure – when you receive a text to confirm you online payment – is not only thought as less and less secure, it is also seen as a hinder in terms of user experience. In fact, a study from MasterCard showed that 33% of payments initiated with 3D Secure are abandoned, and six out of ten considered they missed a buying opportunity because of that method. Finally, more than half of the people surveyed by MasterCard wanted to see passwords replaced by a more convenient solution.
Biometrics can be the answer users are looking for. While some concerns arise from banking industry professionals as to whether they would be ready by 2019 to implement PSD2 and provide a better strong authentication method, 92% of them are willing to adopt biometrics but only 36% think they can offer an acceptable experience.
The first step towards biometric banking in Europe can be seen through the biometric card. Gemalto, a major supplier of Europay Mastercard Visa (EMV) cards, launched with Bank of Cyprus biometric cards, with which fingerprint recognition is used instead of a PIN code. Simply put, whenever customers want to pay via card, they just have to put their finger on the card sensor to authenticate themselves and allow the payment.
Source: MasterCard
French banks are also experiencing biometrics, with La Banque Postale offering a Talk to Pay option, allowing online payments via voice recognition. The BPCE group is also studying voice recognition, having secured a CNIL authorization in 2017. Finally, the Crédit Mutuel Arkéa group is also experiencing biometrics, especially eye recognition, vein recognition and behavioral biometrics.
Between user experience and security, a challenging equilibrium yet to find
Biometric banking is coming, one step at a time. At JP Morgan Chase for instance, customers can use fingerprint recognition to access their mobile application but are required to use a password for online money transfer. So, what is impeding biometrics in banking? Let alone data privacy concerns, the main challenge appears to be finding the right balance between user experience and security.
Choose the path towards more security and you will find methods such as tokens and passwords. However, tokens are often lost and passwords often forgotten, which will in return make your user experience terrible.
Choose the path towards a fluid and simple user experience and you will find method such as Near Field Communication (NFC) or contactless payments and dynamic Card Verification Value (CVV, the three numbers at the back of your credit card). However, it is quite easy to steal a NFC card through a NFC reader and the dynamic CVV is deemed useless should the card be stolen. In other words, security will be weak.
Biometrics can change that, as it can offer a seamless and secure experience. Biometric banking is coming, but it will arrive should customers be ready and accept it. Users are more and more used to biometrics now, and security of biometric authentication is increasing. In fact, a joint research from Oxford and MasterCard lead to the development of the Five Factor Framework. Based upon five criteria (modality performance, usability, interoperability, security and privacy), it is designed to evaluate and facilitate the implementation of biometrics in banking.
The Bank of the Future might be lying underneath: closer to you, safer and user friendly. Is it too soon to announce that? Is it too farsighted? Is it really happening? One can say that but remember when fingerprint authentication on a smartphone was a revolution? That was more than 7 years ago.