Many distinct entities are looking to kill the password, or replace it with better, more secure ways of logging into several online services. Banks are among them, and it’s easy to understand why. They want to protect their money. In light of the many security breaches that have put at risk the identities and online assets of millions of users, banks are encouraging customers to sign up for in-app biometric authentication methods. Scanning a fingerprint, the eye, or recording voice is a lot easier, and more secure, than logging into online banking services using credentials that hackers can steal or social engineer. And the iPhone is a big reason why banks are looking to kill the password.
In an extensive piece, The New York Times explains the various password alternatives banks use, all related to a certain extent to biometrics.
Bank of America, JPMorgan Chase, and Wells Fargo have millions of customers who log into their bank accounts using fingerprints on mobile phones, a feature iPhone introduced with the iPhone 5s, and which later became an integral part of the Apple Pay wireless payments feature.
Apple equipped smartphones with fingerprint sensors all the way back to 2013, and many competitors followed suit. A year later, Apple opened Touch ID to developers and launched Apple Pay. However, it’s only recently that banks have released apps that can take advantage of the feature.
Other biometrics used include eye scans (Wells Fargo), voice (Citigroup), and facial contours (USAA).
It’s important to note that banks are worried that regular username and password logins aren’t secure because of all the many breaches in the last few years that allowed hackers to steal millions of credentials for various services as well as other identifiable information such as social security numbers.
Financial institutions have toyed for years, with the idea of adding biometric-based security layers to customer accounts but the available technology was cumbersome and expensive. The iPhone and other devices solved that problem, making smartphones practically ubiquitous.
Smartphones are advanced enough to let apps read fingerprints, scan eyes, and record voice in crystal clear quality. Also, smartphones also act as a second layer of protection. “If you have your phone and you are authenticating with your fingerprint, it is very likely you,” Twin Mill founder and biometrics security expert Samir Nanavati told the Times.
The problem with biometric-based logins is that customers have to agree to make fingerprints, eye scans, and voice accessible by banks. And there’s always the theoretical possibility that clever hackers might find ways to compromise this type of security as well. But banks to not store actual fingerprints or eye patterns. Instead, they’re keeping templates made of hard-to-predict numerical sequences.
Other safeguards are also in place, including voice prompts that ensure the user isn’t playing a voice recording to log in. Eye-scanning apps tell users to blink and/or move the eyes to avoid someone using a photo to log into an account. Wells Fargo teamed up with EyeVerify, whose technology creates a maps of the veins in the whites of the eye.
In addition to securing accounts better than passwords, biometrics can also transform the entire banking experience, making it faster than before. However, while logins are almost instant, certain operations, like transferring funds, might still require good-old passwords, at least for the time being.
The Times’ full article on the matter is worth a read and it’s available at the source link.