The 2014 Money 20/20 conference held in Las Vegas from November 2 – 5th welcomed over a thousand companies vying for the attention of the 7,000 plus attendees in order to introduce them to new innovations being developed to give consumers more control and protection of their finances. Many of such products were software innovations for online financial security, as well as methods to reduce friction.
A recent survey conducted by SmartMetric reflects a growing reluctance among consumers to use credit cards due to mounting incidences of financial fraud and retailer hacks. However, this hesitation comes at a time of high demand for usability and accessibility for electronic and financial goods. For example Apple, known for its user-friendly products, famously had its iCloud hacked leaking numerous of its famous clienteles’ private photos. Representatives of the company confirm the leak could have been prevented using the two-part authentication system available on the iPhone, but many users either don’t know such a system is available or don’t want the extra hassle of tighter security. The high publicity of hacks including Home Depot and JP Morgan Chase have heightened concern among consumers which in turn has urged companies to develop security measures that reduce online vulnerability in an increasingly digital age while maintaining a ease of use.
Popular suggested changes to the industry include the transition from traditional magnetic strip credit cards for chip-cards (currently underway and to be completed by October 2015) as well as a movement toward digital currency systems. This switch is part of the shift of liability for data hacks from the credit card company to the retailer. Many vendors and leaders in the financial industry at the Money 20/20 conference agree that another way for companies to bolster their online security is the implementation of layers of security, often in the form of passwords, questions, and other interactions with the consumer. However, many of the vendors represented both on panels and at the conference as a whole concur passwords are becoming less safe and pointed to biometrics as an alternative to traditional security measures. One such vendor is Thales e-Security. According to Richard Moulds, Vice President of Product Management and Strategy,
“The current financial services/digital securities ecosystem fails to sufficiently focus on the needs of the merchant, without whom, there is no need for payments in the first place. While there is a tremendous amount of innovation in the payments space, it is only of value to merchants if it enhances the customer experience, gives customers more choice, and above all – is trust worthy. The EMV mandate places a cost and penalty on merchants. Mobile payments and mobile wallets are very fragmented, making it difficult for a merchant to promote to its customers. Online merchants are being overlooked, as NFC, tokenization, EMV etc. are all largely irrelevant to them, making it difficult for physical merchants with an online presence to align their user experience across channels. Crypto currencies are still immature and hard to deploy, despite some customer demand to pay with them. A merchant’s overarching concern is the selling of product, not the payment system. The most important aspect of any payment system merchants adopt is not just ease, but the security of customer information. Without that safety guarantee, there is no incentive for merchants to adopt new payment systems, and that’s where our solutions come into play – creating trust.”
Enter, biomentrics. “Biometrics” can be referred to as both a characteristic, as well as a process. According to biometrics.gov, the federal resource on the technology, the two types are defined as follows:
As a characteristic- A measurable biological (anatomical and physiological) and behavioral characteristic that can be used to automated recognition.
As a process- Automated methods of recognizing an individual based on measurable biological (anatomical and physiological) and behavioral characteristics.
Fingerprint recognition, iris recognition and hand/finger geometry are the three biometric factors most used by both the public and private sector. For example, many airports today employ both hand geometry and retina scans at boarder control for international flights. However, recent developments have taken the use of the technology further, allowing it to also measure typing speed, heart beat, hand-eye coordination, and other user-specific interactions with their mobile or web-based devices.
The notion of a person gaining access to information as personal as a heartbeat is disconcerting, conjuring scenes of hackers targeting ordinary people to gain access to their most personal and protected information. When Apple introduced its iPhone lock that activated using the owner’s finger print for verification, rumors of the company collecting and storing the fingerprints of customers soared. While such technology can be used for less than altruistic means, it can also be harnessed to protect consumers from threats.
So how does it work? According to Biometris.gov, a typical system is comprised of 5 components. First a sensor is used to collect the data and covert it into digital format. Next, signal processing algorithms set quality controls and develop a template. Data storage then keeps the information that new templates will be compared to. A matching algorithm compares new biometric templates to the previously saved templates. Finally, the system contains decision software to determine whether or not the results are a match. The process can either be completely automated or set to be managed by humans, both of which require no effort on the part of the person profiled.
In an exclusive interview with CR at the 2014 Money 20/20 Conference, Len Crosson, Vice Present of Sales at BioCatch Technologies, spoke about the inspiration behind the technology. The company’s founders, Benny Rosenbaum and Uri Rivner, two veterans in the cybercrime industry, simply wanted to know who was on the other side of the computer without becoming an intrusion to the user. Using 400 behavioral parameters for variety of passive and active profiling, the BioCatch system can authenticate a user over the web or via mobile device without him or her becoming aware.
Traditionally, banks use location to verify the identity of clients. However, those who have had their credit card canceled during a vacation can testify that this type of verification may not be the most unobtrusive. The BioCatch team asserts this is because the nature of security within financial services hinges on the assumption that a person is guilty then may be proven innocent. The company has partnered with banks globally, ranging from small to large, to assist them in boosting security efficiency for both their products and customer service.
According to Ryan Wilk, Director of Customer Success, NuData Security,
Too many of today’s risk mitigation platforms are fighting the uphill battle of trying to substantiate data that is being entered by a user. While valuable, these systems are easy for fraudsters to identify due to their post-transactional static nature. We look to understand the subconscious traits exhibited by a user through their full lifetime of interaction to gain deep insight into who a user is, in real-time. Having this profound, early knowledge into who your user is will allow you to not just avoid risk, but also become predictive of the risk you are facing so it can be avoided before a loss is suffered.”
As more and more private companies begin to make use of biometric profiling, questions of regulation standards come forth. Specifically, how such information should be stored and how dangerous a leak of the data would be to a person’s financial security. Because the authentication parameters used are so personal, many feel a hack would leave individuals more vulnerable than if the security measures in place was a user-chosen password. Others argue biometric data is not legally considered personal information the way a Social Security number or account number is because there is less potential damage. A heart beat, for example, would be less likely to help a criminal steal a person’s identity than a Social Security number. Furthermore, many systems, such as BioCatch, do not store consumer data, but work off current patterns predetermined to a correlation of actions for an actual client versus malware or robot.
New developments in biometrics are bringing the technology once associated with sci-fi movies to everyday use for consumers. While questions remain, the potential to improve efficiency within an industry that is in desperate need of a face-lift puts biometric profiling at the forefront of potential solutions for holes within financial security.
Olivia is a graduate of Villanova University where she studied Economics and History, minoring in Gender and Women's Studies. She also has experience working with federal legislatures on health care policy, women's issues, and Internet safety.