Paying with a Smile
Twenty years ago, American Express ran with a marketing slogan, ‘Just pay with your name’. G+D now enables banks to reinvent that slogan as ‘Just pay with a smile’ by enabling customer‐centric, safe and secure authentication methods.
With cyberattacks growing ever more sophisticated, the trusty password is well past its use‐by date. It is no longer a sufficient security barrier in an age when massive data breaches are all too common, so the question for financial institutions is: what will replace passwords?
SMS confirmations containing one‐time passwords (OTPs) are a convenient alternative, but do not meet the authentication requirements of the new open banking landscape created by the European Union’s PSD2 Directive. Simple OTPs fall short of the standards of PSD2, which becomes mandatory in September next year. OTPs dynamically linked to the transaction amount and the beneficiary come closer but are still susceptible on two fronts.
First, the dynamic link is generated by a bank server from a transaction that is assumed to come from the legitimate user but could have been created by a hacker. Second, the resulting OTP can easily be re‐routed to a hacker’s mobile phone. In 2016, NIST (the National Institute of Standards & Technology in the United States) concluded SMS two‐factor authentication is too risky.
Why biometrics is here to stay
To ensure compliance and to fight fraud, banks and financial institutions are turning to biometric authentication to identify customers and safeguard resources, says Dr Carsten Wengel, head of the EMEA region at G+D Mobile Security. Biometric authentication uses multi‐layer combinations of facial, fingerprint, and voice recognition tools as well as other technologies to verify the unique identity of each individual. “Data breaches must not happen in an industry that has a core value of trust,” says Wengel. “If your data are compromised, then the credibility of the service drops immediately. It’s a big disaster: it will explode on social media and the bank will go out of business.”
Trust is the question that goes to the heart of Giesecke+Devrient, as trust is the currency of the future. For example, the company produced the world’s first machine‐readable bank note and was instrumental in developing the eurocheque system in 1969, which evolved into modern debit cards. Based on its security experience, G+D believes biometric identification provides the most secure and seamless access to mobile financial services available.
“If you saw Tom Cruise in Minority Report, or similar sci‐fi films, you would have seen biometrics used to identify individuals”, comments Wengel. What may have seemed a far‐out Hollywood idea a few years ago is now reality.
Access in the blink of an eye
Wengel believes the successful digitisation of banking services will boil down to credibility and retaining the customer’s trust, because when personal data seems insecure, it instantly becomes a business‐critical issue. “Biometric authentication provides customers with unparalleled levels of security but doesn’t require them to jump through hoops to access mobile banking services”, he notes. “When customers know this, they feel more secure, perform more actions and use more digital services.”
G+D embraces the Fast Identity Online (FIDO) standard, as it believes the standard allows security to be built into digital transactions in a way that has never been achieved before. “Access to digital banking services needs to be simple, yet highly secure. FIDO delivers this seamlessly and elegantly, whilst being cost effective for the service provider”, explains Wengel. At G+D, the Convego Mobile Authentication solution delivers FIDO biometric‐based, PSD2‐compliant strong customer authentication to millions of users worldwide.
According to Wengel, biometrics are already delivering dramatic results in the new digital ecosystem, opening up new use cases such as digitalized remote customer identification. Where setting up a traditional bank account once meant visiting a branch and a post office over a number of days, it can now be achieved on your sofa on a Sunday afternoon in a matter of minutes.
“You basically make an appointment with your bank’s call centre, a person or even a bot contacts you on a device by choice and complete the onboarding using the identity card that you hold in front of you.”
Wengel argues that this seamless simplicity creates an emotional link to the brand that has a value beyond trust. “Creating confidence in the financial services market is all about improving the customer journey; breaking it down into each transaction or service and facilitating smooth, convenient and secure access”, he says.
Opportunities on offer
Mobile biometrics is expected to authenticate $2 trillion (€0.9 trillion) of sales annually by 2023 – 17 times the $124 billion (€108 billion) expected in 2018. A recent report by Juniper Research also estimates that biometrically‐verified remote mCommerce transactions will reach a volume of over 48 billion by 2023 to become around 57% of all biometric transactions, up from an estimated 28% in 2018.
Established banks need to move quickly to remain relevant as other alternative payment methods are providing fierce competition in the fintech space. Yet, for Wengel, the most compelling argument for biometric authentication comes back to one of the oldest ones for banks – trust. In the new digitalized era of banking services, customers want to be sure they can depend on the bank.
“Twenty years ago, American Express came up with the slogan, ‘just pay with your name’,” says Wengel. “Now that slogan could be ‘just pay with a smile’ because likeness detection allows banks to authenticate a transaction and make it much more secure than anything you could do with a PIN card.”