THE BLOG

Biometrics - Gambling With Identity?

20/10/2016 16:20
Maciej Frolow via Getty Images

Finger print recognition, iris scans and facial recognition are no longer just the stuff of science fiction novels. In recent years, all of these technologies have been adopted by some of the highest profile high-street banks and credit card companies to 'identify' their customers and make accessing online services quicker and easier. Imagine, completing an online purchase without the need for PIN codes, passwords or confirmation codes. Instead, simply downloading an app to your PC, tablet or smartphone and taking a 'selfie', which is checked against a stored image on file.

And we seem to have an appetite for them too. Having become accustomed to the thumb-print authentication feature in the iPhone 5s, it would seem that we are now happy to put our trust in biometric technologies. Visa can verify this, having recently issued a report claiming that the British put more trust in their banks than the government when it comes to identifying themselves via biometrics. The report says we are almost twice as likely to trust banks to keep our biometric data safe. Visa also reported that nearly two thirds of us say we are willing to use biometrics as a method of authentication.

However, how many of us have looked into whether biometrics are really secure for authenticating ourselves? Working in the payments industry, I'm often asked whether they truly offer a safer alternative to pin numbers and passwords. And my answer is, hand on heart, not yet. That's not to say the technology isn't making great inroads, or that they don't make a very reliable and convenient way of secondary authentication. But personally, I wouldn't set up biometric authentication as the only barrier between someone else and my finances. While Dan Brown's macabre example of a severed finger in Angels and Demons might be a little extreme, it's not the only way to spoof access. A simple demo by a security expert at a trade show with Play-Doh made that clear for me earlier this year.

The trouble for me is that, with identity, there's no margin for error. A password can be easily changed, but a face, fingerprint or voice isn't so easy. This technology needs to be completely secure and tested before it is rolled out as a primary or sole method of identification for banking.

Banks, payment service and card companies need watertight methods of storing biometric data securely before they play with people's identities. Devices like phones and tablets are notoriously prone to attacks from cyber criminals, especially when we override security settings or use unsecured public WiFi when paying for things or logging on to banking.

Currently, with pin and password authentication standards already exist to protect consumers against liability when things go wrong. What's not clear with biometrics is whether liability will shift - and who too? Quite simply, we're in new territory here.

What's clear is that whilst an appetite for the simplicity that biometric authentication brings is here, we just need to ensure that the security technologies it is based on are bulletproof. If handled right, biometric data could pave the way for a more secure, easier way for us to transact online. It could hopefully, eventually eliminate fraud for all. But who wants their personal finances to be the testing ground for these new technologies when simple issues like who holds liability have not yet been fully established? Not me. I'll be watching this space closely over the coming year, but won't be staring into an iris scanner in the process. Not just yet.

www.computop.com

Comments

CONVERSATIONS