Biometric Authentication: the How and Why
Biometric authentication for fraud prevention has been developing at light speed these past few years, with many new solutions reaching the market. For those seeking to better comprehend the new possibilities afforded by biometrics, Nu Data Security in conjunction with the Aite Group compiled a custom report on the market for biometric fraud solutions that is now available to industry participants on about-fraud.com. The report is based on a survey of 25 biometric authentication solutions providers in the market as well as 10 executives at major financial institutions. It can be downloaded in full from about-fraud.com at this link.
The main thrust of the report is that major financial institutions should be considering biometric security solutions to reduce fraud, especially if they don’t already have any in place. Biometric authentication is an effective addition to a layered fraud prevention strategy, in particular for the mobile channel, as smartphones continue to approach full penetration in major markets. The addition of advanced sensor technology by Apple, Samsung and Google with its Android operating system, have opened tremendous opportunities for mobile-based biometric authentication. As previously mentioned on about-fraud.com, mobile is fast becoming a significant attack vector for fraudsters and one that is yet to be well-defended. However, no single biometric solution is appropriate for every channel and every use case.
Biometric authentication can be divided into passive and active techniques. Passive authentication utilizes user behavior data including how users typically interact with the screen interface to determine identity. Sometimes passive biometric authentication can be referred to by machine-based learning fraud solutions providers as behavioral data.
Active biometric authentication involves affirmative action by the user to confirm their identity, whether by using their voice, providing an image of their eye or face or using their fingerprint. The problem of active authentication is that it can interrupt the user flow, but the benefit of adding such friction in the user experience is that it re-assures users that the service they are using is secure. Sometimes it can also be used to replace the use of a password, thereby cutting down on a friction. To achieve a continuous authentication environment where security is always guaranteed, it is possible to combine both passive and active biometric authentication into a single, complex solution.
However, the importance of a positive and relatively frictionless customer experience for online merchants and financial institutions makes it difficult for them to rely entirely on one biometric solution. Instead, Aite’s report found that it is better for solution end-users to use a platform or middleware that can integrate different biometric and other fraud prevention solutions along the lines of a plug and play model. This way users will be authenticated only in a manner that suits the channel they are using and the risk-level associated with their activity – minimizing the friction in the customer experience.
Usually the last thing mentioned when implementing biometric solutions, but perhaps one of the most important to consider, is the importance end-users must place on training internal staff. Not only must a company’s staff know how to use the biometric solution implemented, but customer support staff must be able to walk through consumers on how to enroll and use the biometric authentication to ease implementation. Otherwise, a new solution will cost dramatically more than expected in terms of friction in the costumer user experience
To read more details you can download Aite Group and Nu Data Security’s entire biometrics solutions report here. Nu Data Security is a Mastercard company following its acquisition by the credit card network earlier this year. The full report link is made available by about-fraud.com with the explicit permission of Nu Data Security, the rights holder.