Authentication Advances May Finally Kill Passwords and PINs

Authentication Advances May Finally Kill Passwords and PINs

More than two decades since a New Yorker cartoon joked that "on the Internet, nobody knows you're a dog," banks are finally replacing old and not-so-reliable methods of authenticating customers — passwords and security questions — with sophisticated alternatives.

Voice biometrics, fingerprint detection, facial recognition and device ID are graduating from the pilot phase to wider deployment at a handful of financial institutions. And more innovative methods, including authentication based on smartphone activity, are being tested in university research labs. If successful, these technologies could deliver the combination of security and convenience that has eluded banks in their struggle to verify user identities and keep out impostors without hassling true customers.

The shift to next-gen authentication methods has been made possible by the convergence of several trends. One is the ubiquity of smartphones with high-quality microphones and cameras that make voice and facial recognition easy, and the availability of Apple's Touch ID fingerprint reader on iPhones for finger scanning.

Public awareness of data breaches and fraud issues has made consumers more willing to provide fingerprints, voiceprints and selfies to secure their financial information. And while financial institutions are driven by the need to make their growing volume of mobile and online transactions secure and convenient, they're also being pushed by a newer, related dynamic: their call centers are swamped with requests from consumers who want to reset lost, stolen or compromised passwords.

"The Target data breach generated more calls than we'd like to have taken in the call center," said Casey Royer, the enterprise voice solutions director at USAA, the poster child for biometrics technology in the U.S. financial services industry. "When we're not planning those calls, it's hard. We need to start barring the doors so we're more secure. We're hoping this [technology] matures so incidents become nonevents."

The Options

One authentication technology banks are starting to deploy is voice recognition.

"Voice recognition has the right combination of characteristics that are unique to the individual," said Dominic Venturo, chief innovation officer at U.S. Bank in Minneapolis. "The voice is easy to use and every mobile phone has the ability to hear a voice." The $404 billion-asset bank has been testing voice biometrics and aims to make it more widely available this year.

According to Opus Research, 41% of all global voice biometrics installations are implemented by financial institutions. Barclays, Santander, Tangerine, Wells Fargo, USAA and ING Netherlands are among those that have adopted this technology.

The quality of smartphones' built-in microphones is high enough to achieve accuracy rates above 90%, according to Brett Beranek, director of product strategy for voice biometrics at Nuance Communications. Barclays' wealth management unit, for instance, says it's achieved a 95% accuracy rate on its use of voice recognition in its call centers.

Fingerprint recognition is another option, one that Apple brought to the forefront by including Touch ID on iPhones and making it part of Apple Pay. First Internet Bank of Indiana, Canada's Tangerine Bank, American Express, Discover and USAA are among those using it to let customers log into mobile banking with the press of a finger.

"There is certainly a strong case for fingerprint and voice," in banking today, Venturo said.

Source:http://www.americanbanker.com/news/bank-technology/authentication-advances-may-finally-kill-passwords-and-pins-1074298-1.html