A leading Australian financial institution has revealed that with the popularity of its mobile banking platform, it is exploring the option of biometric security in an effort to further enhance the security of its services. Is biometric security set to become the new standard for application security?

 

Figure above: A leading Australian financial institution is exploring the option of biometric security to further enhance the security of their mobile banking platform.

Most financial organisations use SMS verification messages as a form of two-factor authentication. Two-factor authentication is often needed to verify transactions over a certain threshold or when sending payments to unlinked bank accounts. However, this form of authentication was declared unsafe for online banking transactions in 2012 by Communications Alliance, the primary telecommunications industry body in Australia.

SMS verification as a second-factor authentication was declared unsafe by the body due to the possibility of the messages being intercepted, as SMS was not designed to be a secure communications channel. Today, many financial institutions still continue to use SMS verification messages despite this and some offer a physical token authentication to business customers. Physical tokens are more secure, however they are too costly to distribute to all retail customers.

One leading Australian financial institution is now exploring the possibility of using voice biometrics as a second-factor authentication method as an alternative.

Biometric authentication is the use of identifying an individual using their biological characteristics such as their fingerprint, face, voice, DNA, palm print, or retina. This form of authentication is not new. For example, face recognition or fingerprints are used to login to some computer systems and Apple’s iPhone 5S has a fingerprint sensor as a means to login to the device. However, its use has not yet become mainstream.

“Biometric security has been around for a while, however possible uses for it have never been more prevalent than now,” stated Kareem Tawansi, CEO of software development provider, Solentive Software.

“Given the difficulty we all face in remembering a multitude of usernames and passwords for almost everything that we do, biometric security could be the answer to this problem. I believe we will start to see a shift away from passwords and PINs to face recognition and fingerprint scanning. This technology can be used to access any application that requires a password to login, as long as they have the necessary hardware components such as a camera for face recognition for example,” suggested Tawansi.

Other advantages of biometric security:

  • Positive and accurate identification
  • Easily integrated into mobile devices
  • Impossible for criminals to steal
  • Improved user experience

According to Apple, only half of smartphone users place a passcode on their devices, presenting a significant risk to organisations that practice BYOD (Bring-Your-Own-Device). By incorporating biometric security, the process of unlocking a device or logging into an application will become much simpler. Furthermore, biometric security will make it more difficult for criminals to gain access to unauthorised company data.

While usernames and passwords may never be completely eradicated, there is potential for biometric security to become the new standard for second-factor authentication. There is no doubt that we will start to see an increasing use of biometric security at home and in the office.