Forget Passwords… Multimodal Biometrics in Payments is Here!

June 14, 2018

The financial payments, remittances, and settlements segments of the banking industry is undergoing a paradigm shift across the globe in terms of speed, transparency, and transaction volumes given the rapid adoption of next-gen technologies. Major economies of the world are seen moving toward an infrastructure that supports faster and real-time movement of money for both domestic and international.

User-friendly applications, supplemented by straight through payment processing have resulted in a considerable increase in the number of customer initiated online payments. But, this shift in payments processing is not devoid of perils – a major one being fraud and identity theft. The fraud budget of banks worldwide is ballooning (in 2017, losses resulting from identity theft amounted to USD 16.8 billion according to New Javelin Strategy and Research Study) and even a small percentage cut in fraud-related losses can significantly boost the margins and help drive Build-the-Bank initiatives. To this effect, banks are looking to build strong multi-factor customer authentication mechanisms.

Remembering passwords and PINs, soon a thing of the past

Biometrics as a means to authenticate has matured over the years, with advances in technology bringing forth cost-effective solutions, such as fingerprint-based account access on mobiles, for banks and financial services firms to implement. Successful roll outs of biometrics-based security systems has strengthened the confidence of customers in this area. Biometric authentication has proved to be robust, secure, reliable, and fully guarded against theft. It relates to human characteristics that are unique and do not change, at least in a short run of eight to ten years. Its management is also fairly simple when compared to the other modes of authentication.

A number of biometric traits are used to authenticate a person’s identity – each one unique, and at a different level of maturity in terms of implementation. Back when fingerprint templates were stored in banks’ servers, customers were skeptical of the security of this data, and justifiably so. Recent developments have addressed this challenge by storing the template in a device (mobile or chip card) that the consumer possesses, and a wide acceptance of fingerprint as an authentication mechanism is touted for financial transactions.

It has been found that the number of transactions through banking apps can significantly improve when users elect to authorize payments with their fingerprint. E-Commerce players such as Alibaba have piloted facial recognition for their in-app purchases and ‘selfies’ to authorize payments are becoming popular. Banks have started integrating voice authentication for IVR-led phone banking too – the customer’s voice is analyzed across 140 factors, against a voiceprint that is impossible to duplicate, and cannot be reused even if stolen. Retina and iris scanning, palm-vein, palm-print, and hand geometry are other usable biometric traits, however, the commercial viability around these is yet to be explored, considering the infrastructure requirements and real estate needed for the reading device.

Bolstering financial system security with multimodal biometrics

Although unlikely, but if physical characteristics were to change in one’s lifetime, for instance, aging iris or let’s say worn-out fingerprints, biometric authentication may fail, either temporarily, or even permanently in case it’s unimodal.

Moreover, considering the false positives and exceptions that may arise due to ‘noisy’ data, intra-class variations, spoof attacks, and non-universality, designing an authentication mechanism that uses only a single trait may not be apt for the financial services industry. To overcome shortcomings like these, multimodal biometric authentication is gaining popularity. This involves either using more than one characteristic feature (for example, fingerprint and facial recognition), or capturing multiple sets of the same trait through different sensors, enabling stronger, more fool-proof authentication.

Combining these individual measurements-called biometric-fusion – helps increase the robustness of an authentication system. Experiments have proven that among various fusion techniques available, fusion at the feature level provides far better recognition results.

If one were to list down the benefits of multimodal biometrics, then the accuracy in uniquely identifying the customer tops the chart since the technology can drastically nullify the effect of noisy data. Secondly, the problem of non-universality can be remediated as multiple traits can ensure sufficient population coverage. Layered authentication allows even the highest-risk transactions to be performed in self-service channels, thereby helping banks create exponential value for its customers.

Not only does it eliminate the probability of fraud since spoofing multiple traits is beyond difficult, a multimodal authentication system also improves customer experience as it doesn’t require you to remember intricate passwords.

However, when implementing such a system, banks will need to use an adaptive biometric solution that can auto-update the templates or models periodically, and continuously enhance the robustness of the overall system. What’s your take on this? Do you think multimodal biometric authentication is the answer to banks’ woes when it comes to customer authentication? What would, in your opinion, be some key aspects for banks and financial services firms to consider when intending to adopt this in full swing? Do share your thoughts in the comments section below.

Gopakumar Kunnanchath is a Domain Consultant with TCS’ Banking and Financial Services (BFS) unit. With over 17 years of experience in the Cards and Payments group, Gopakumar specializes in consulting and solution analysis in areas such as payment cards issuing and acquiring, EMV migration, as well as fraud and loyalty solutions for leading banks across the globe.