Breaking Barriers to Biometrics

The personal nature of biometrics makes it very attractive for security applications. But in the rush to incorporate biometrics into the self-service channel, we can’t overlook some important considerations. Will consumers accept the technology? How will you authenticate users? How will you store members’ data? And what will the future bring?

The viability of biometrics in credit unions would not be possible without a critical shift in consumers’ mindsets. Once considered intimidating, biometric applications have become more widely accepted. A recent high-profile, consumer-facing advancement – the thumbprint scanner on Apple’s iPhone 5s – has further alleviated consumers’ apprehension. With biometric sensors literally in the hands and pockets of consumers, applications for authentication and identification are logical next steps.

In retail banking you’ll find proof of self-service biometrics’ acceptance the world over. In Brazil, more than 55,000 ATMs with integrated fingerprint readers allow users to authenticate themselves using this unique personal attribute. Such readers were first deployed in South Africa in 1996—they’ve been accepted for nearly two decades in that country. And since the mid-2000s, U.S. consumers have been using biometrics (such as iris, face and fingerprint scans, and hand geometry identifiers) to access their safe-deposit boxes.

As more applications enter the market, consumers will likely be more accepting of biometrics in their daily lives. And they’ll be more willing to engage and trust the platforms wherever they appear.

A common perception among consumers is that biometrics is a more secure form of authentication. And it is. But not if it is the sole identification factor required at a self-service device.

Requiring a single identity factor – a fingerprint, password or card, for example – for a user to gain access to a system only answers the question, “Who are you?” Therefore, a perpetrator would only need to acquire a single factor to compromise someone’s account.

Conversely, multi-factor authentication answers a more difficult question: “Are you who you claim to be?” It requires a user to present at least two factors of identification to verify his or her identity. Each factor augments the certainty of the user’s identity.

Consumers can achieve multi-factor authentication through a combination of two or more of the following factors: 1) something they are (one’s fingerprint, iris, retina, face or voice); 2) something they know (a PIN or password); 3) something they have (a card, key fob or ID badge); and 4) something they’re assigned (a name or Social Security number). With more factors required, would-be criminals will need to obtain and match more data sets to compromise a system. And, when one of the required factors is biometric data, the rate of successful fraud will surely plummet.

The greatest security feature of biometrics is that they’re personal. They represent the individual. And it’s very difficult to duplicate an individual’s biometrics. Still, data can be breached, and consumers are worried about where and how companies maintain their biometric data.

Addressing these concerns, technology developers are exploring alternatives to a credit union storing members’ biometric data. One possible solution is for members to keep a digitized version of their biometrics on a personal device. This multi-layered security approach places two keys – one’s physical attributes and the digitized version of those attributes – in the sole possession of the member. The member would use both keys at a self-service device, and the credit union would retain no record of the member’s biometric data.

Biometrics shows great potential to improve security and enhance efficiencies for self-service applications both inside and outside the branch. Biometric applications that rely on fingerprint, hand and face scans are already in place for a growing variety of applications, including personal computers and mobile devices. Voice and retina recognition will also be part of the future, as these highly accurate, highly secure technologies don’t require physical touch and are becoming seamless in their applications.

A few barriers exist before U.S. credit unions can realize more widespread adoption of biometrics, including moderate social acceptance, lack of technology standards, minimal established infrastructure, high costs and accessibility considerations. Still, we can expect self-service biometric applications to become more and more prevalent over time.

Frank Natoli Jr. is EVP/chief innovation officer for Diebold, Incorporated, N. Canton, Ohio, where he oversees the activities of the company’s global research and development organization, including oversight of collaboration among all of Diebold’s global engineering, marketing product management and technology groups. Additionally, he is responsible for leading the vision and future development of interconnected technologies and solutions.