Biometrics isn’t discussed that much at banking conferences these days.
Most of the time, when I raise the topic, there’s a groan from the banking audience.
“Oh, been there, done that.”
The usual view is that biometrics doesn’t work. It’s too flakey. Too many false positives and false negatives, as in it doesn’t read the finger, eyeball or voice correctly.
And yet, we now have things like Siri voice recognition on the iPhone and fingerprint PC access that is commonplace.
Voice and fingerprint recognition has come a long way.
India has now identity tagged every citizen with a biometric ID, and most governments are doing the same via passport and cross-border programs.
So why are banks so reticent about biometrics for identity?
Because of the past trials or the future costs?
Probably a mixture of both.
Certainly, the idea of biometrics in banking has been around for a long time.
I was involved in rolling out iris recognition ATMs in the 1990s and engaged actively with the Japanese program of deploying palm reading ATMs in the 2000s.
At airports, I regularly pass through the fast track line with an eyeball to a screen, banks have rolled out iris recognition on smartphones and Apple has even patented a fingerprint recognition as you swipe your iPhone to unlock it.
Yet I still look for biometrics in banking and find it hard to uncover anything worthwhile.
Instead, we have passwords that can be cracked easily and so we add an extra clunky three-factor authentications with a one time password generator.
And customers don’t like it.
“It seems like an innocuous piece of kit to have inspired such annoyance, but the new HSBC ‘secure key’ has already garnered six Facebook pages plotting its demise, while Twitter is all aflutter with people explaining just why they don't want to use it. So why has the bank decided to introduce this seemingly unpopular gadget.”
No, they don’t like it one bit.
Things will change and biometrics will be deployed instead of additional tokens and devices over time.
Much of this market increase will come from large government ID and security programs, which will then ripple over into financial applications.
For example, Companies and Markets predicts that the global biometrics market will hit $12 billion by 2015, up from $5 billion in 2010, thanks to these government security programs.
The report believes fingerprints will see the major focus, although citizens don’t’ like fingerprint recognition.
The reason is that fingerprints are mucky.
Wiping your finger over a terminal touched by hundreds or thousands of others, with no cleansing or wipe in-between.
Yeuch.
That’s why the Japanese moved into palm or vein reading, as you don’t actually need to touch the terminal.
But the most intuitive of all biometrics has to be voice surely?
With mobile being so ubiquitous, voice makes sense as it’s something you can easily verify via mobile.
Voice is a proven technology and voice recognition is resilient, accurate and reliable enough to overcome accents or influenza.
With voice you don’t even realise you’re being biometrically read necessarily, and you can even use voice to detect lies.
This is why Opus Research predicts that the global number of registered voiceprints will increase from 10 million today to over 25 million in 2015, and much of this will be driven by the payments markets.
Mind you, you need to beware of voice a little bit.
After all, just checkout Siri.
I wonder how good voice recognition is in a noisy environment!
Posted by: Vee | January 27, 2012 at 08:45 AM
Pardon?
Posted by: Chris Skinner | January 27, 2012 at 09:05 AM
We have been busy with biometric payments for a couple of years and see a pickup in the market. The technology is available and cheap and there is a need at places where speed and simplicity is key. No need for biometrics as such but for "fast, simple & reliable" payments at the till. FIngerprint payments offer 60% faster payments compared to EMV solutions which saves seconds per transaction at the till. Reliable, proven, secure, fast, scalable and available!
Let the sceptic be sceptic, in the end it will be the merchants and consumers that determine the convenience they want and biometric payments certainly solve a problem for them!
No rocket science but real solutions available and deployed in many shops!
Dave Rietveld
Head of business development
Equens
More info at:
http://www.equens.com/emergingservices/biometric_payments/index.jsp
Posted by: Dave Rietveld | January 27, 2012 at 09:47 AM
Hear about Voice Biometrics on 2nd February. There is a webinar organised by Opus. Anyone can register at http://opusresearch.net/wordpress/2012/01/25/one-week-to-go-webcast-on-best-practices-for-voice-biometric-implementations/
Posted by: Emmanuelle Filsjean | January 27, 2012 at 11:14 AM
Nice post. I too was involved with biometrics in the '80s and beyond, including voice and facial recognition. There were a lot of technical constraints early on but those seem to be mostly solved. Banks and others have deployed biometrics, but I understand your focus is on deploying biometrics at scale for the consumer customer base.
That is what is problematic--deploying biometrics at scale. The technology itself is not the primary issue, particularly as part of a layered approach. I think what banks have always been concerned about is the upfront and ongoing costs, how to gain broad customer acceptance, and how to support the technology/service deployment--particularly preparations for when the technology fails, as it inevitably will, either systemically or with individual customers. Oh, there's also this other minor issue of integration/interoperability with legacy systems that might take some time to work out.
I think if you look at this question as a cost/benefit and next best alternative analysis you may conclude that biometrics will continue to support niche applications, but won't be deployed at scale to the entire customer base until the costs of failure for current alternatives gets higher.
Posted by: David Bellinger | January 27, 2012 at 01:24 PM
In banking, perhaps the biggest challenge for biometrics is that nobody can say how these things really work until they're put out into the field.
The FBI's advice on biometrics is chilling. One of the most comprehensive independent studies of biometrics was conducted by Mitre corporation for the FBI's Biometrics Centre of Excellence. This from one of their technology assessments:
"For all biometric technologies, error rates are highly dependent upon the population and application environment. The technologies do not have known error rates outside of a controlled test environment. Therefore, any reference to error rates applies only to the test in question and should not be used to predict performance in a different application."
And:
"The intentional spoofing or manipulation of biometrics invalidates the 'zero effort imposter' assumption commonly used in performance evaluations. When a dedicated effort is applied toward fooling biometrics systems, the resulting performance can be dramatically different."
Ref: Mitre Corporation for the FBI State of the Art Biometrics Excellence Roadmap (SABER) "Technology Assessment: Volume 1 (of 3) Fingerprint, Palm print, Vascular, Standards" 2008; www.biometriccoe.gov/SABER/index.htm
That is, most reported biometric accuracy figures are only worked out for accidental errors. Vendors' bench testing deliberately ignores deliberate attempts to spoof the systems. 'Dedicated effort applied to fooling biometrics systems' means criminal attack. If a vendor cannot tell a banker how well a security system actually resists criminal attack, if they have no standardised performance specs to predict how biometrics will go in the real world, then that vendor faces an uphill battle.
Posted by: Steve_Lockstep | January 27, 2012 at 10:07 PM