Fighting criminals with Biometrics

Banking fraud is a problem as old as banks themselves. Frauds against UK online banking customers netted £60 million in 2014, a 48 per cent increase on losses in 2013, according to Financial Fraud Action UK, an industry body. The organisation warns that individuals are leaving themselves open to fraudsters, by falling victim to phishing e-mails asking for account details or by failing to install effective anti-virus software.

And, with more than half the adult population now using online banking, fraud is likely to grow. Rising losses and the distress caused to customers are prompting banks to look at more robust security measures, including biometrics.

A problem banks face is that online fraud has grown as banking and financial services have become more anonymous and automated.

As one expert in the sector points out, in the days of personal banking and local branches, we had a very effective form of biometric security: a bank manager who recognised their customers. If a bank teller became suspicious of a customer, he or she could call on the manager, who would vouch for the customer or raise the alarm.

Online banking takes away that personal relationship, forcing banks to rely on passwords and other electronic security measures. Unfortunately, passwords are easy to forget and also easy to crack.

`Banks have been overly reliant on PINs and passwords since mainframes first came in, in the 1950s,` says Mike Wood, a director at IT firm Unisys. `Banks then moved to PINs and 'memorable' information. Unfortunately that information is often instantly forgettable and people can't recall it when they need to. It is flawed.`

To help us remember PINs and passwords, we write them down on sticky notes, store them in spreadsheets or reuse the same passwords over and over. All this makes life harder for the customer, but easier for the fraudster.

Banks' attempts to bolster security, though gadgets such as PIN readers or security dongles, only add to the inconvenience. `These things are complicated, so often we just won't use them,` says Mr Wood.

Biometrics are, at least on paper, hard to hack, but also convenient to use

The problem is becoming worse as consumers start using cards and mobile phones for contactless payments on the move. In the UK, contactless payments have no authentication at all if they are less than £20; it is sufficient for someone just to have the credit or debit card.

Phone-based payments could, potentially, support higher-value transactions, but only if security can be addressed. Anything more complicated than entering a standard, four-digit PIN probably will not appeal to consumers trying to pay with a smartphone. Requiring them to enter a strong password – even if they could remember it – might make them abandon the transaction.

This is prompting banks to look for alternative security measures, ideally those that are both hard to hack and easy to use.

Read original article