Until recently, access to our online and mobile banking platform has been provided by the ubiquitous ‘username and password’ security challenge we’ve come to expect. Sometimes, this has been augmented with a second security factor, such as an SMS one-time code or small hardware token, designed to make it harder for hackers and fraudsters to gain access. While this does make it more difficult, it also makes the journey harder for the legitimate user as well, which is why it hasn’t been widely adopted anywhere without enforcement by stiff regulation.
As we see the rise in cybercrime across the financial services industry, keeping the security status quo is no longer an option. As hackers become more adept at tricking and stealing passwords from unsuspecting customers, organisations are looking for new and more secure ways of allowing authorised users to access their digital services. The digital banking solutions they’re moving towards involve authorising access by validating a customer’s unique human characteristics, otherwise known as biometrics.
From all of the excitement and innovation that’s apparent in the market, we can be excused for thinking that this is actually something new, but in fact the password-only challenge is a rather recent and substandard anomaly in the wider world of identity recognition.
Biometric authentication methods
In the animal kingdom, determining from the shape, smell, size and sounds of another creature whether they are a threat or a member of the same family, pride or troop, is an instinctive and instantaneous reaction. Having to recognise a predator from just a benign visitor is often a matter of life or death. Human reaction is just the same. From the moment we’re born, we learn to recognise our parents and those around us regularly as those who offer comfort and security. When a child meets someone new, the reaction is most likely one of caution, manifesting itself as shyness and a reliance on a trusted adult figure to give reassurance.
We have all been taught to be wary of strangers, and for a high percentage of the time, we get it right. How do we do this? We use biometric authentication methods to challenge and confirm identity.
Combined biometric and password authentication has been used for centuries in the theatre of war. I’m sure we are all familiar with the phrase, “Halt! Who goes there?”. You can go as far back as you like into military history, you will find that the combined use of verbal and visual challenges are the most common and reliable form of identity recognition. In the case of, Who goes there?, the response is expected to be name, rank and regiment, or a password. You could argue that this is only a password challenge, but the challenger would no doubt be trying to detect a foreign accent, stress or hesitancy in the tone, as well as recognise the spoken words.
Often following this initial verbal challenge, a sentry would command, “Stand forward and be recognised”. Certainly, a guard would want to check that the person was in fact who they say they were. This was (and arguably still is) the most important part of the identity challenge. You may be able to learn the words, and you may even be able to say them in a convincing way, but it’s much harder to wear the right uniform, carry the right equipment and most importantly be known and recognised by the challenger as a friend and not a foe.
In essence, the most important elements of any security challenge – those being the hardest to replicate – are the personal characteristic components, including sound and visual recognition: biometric security in action.
Biometric recognition solutions
So, why are password-only challenges used in today’s digital world at all? Well, because until recently the technology has been limited to the use of keyboards and inert screens. Now, with the recent mass adoption of high resolution cameras built into touchscreen devices, we’re seeing the explosion of biometric recognition solutions.
Knowing now that this is nothing new should help with mass adoption by financial service providers and their customers, because, when we think about it, we’ve been doing it instinctively since the day we were born.