Biometrics: the next generation of corporate digital banking authentication
30 June 2015
Corporate treasury departments initiate and approve millions of dollars in high-value payments on a daily basis. As an example, in May 2015 the average amount of a US Fedwire transfer was $5.7 million. Because of the dollar value of these transactions, banks were early adopters of enhanced authentication for corporate online banking applications. Many banks continue to offer one-time-password authentication (on top of traditional username and password) using RSA SecurID or Vasco DIGIPASS hardware tokens at both login and payment initiation. When Celent published its report “Corporate Mobile Banking Update: Adoption Conundrums and Security Realities
” in September 2014, it highlighted alternatives to traditional two-factor authentication for corporate online and mobile banking applications. Alternative methods include voice, pattern and biometric authentication methods. As discussed in the Celent Banking Blog “Logging Into Your Bank in a Heartbeat
”, several banks have rolled out Apple’s Touch ID fingerprint authentication technology for consumer online banking login authentication. However, as quickly demonstrated by clever hackers, Touch ID is vulnerable to various hacking methods. For this reason, banks are turning to more sophisticated biometric authentication methods for its corporate online and mobile banking applications. The focus remains on layered, multi-factor authentication, but combines authentication technologies in unusual and unique ways. Barclays Bank’s offering combines biometric and digital signature technology in an offering called "Barclays Biometric Reader.” To overcome limitations with traditional fingerprint scanners, Barclays is implementing Hitachi Europe’s Finger Vein Authentication Technology (VeinID) which reads and verifies the user’s unique finger vein patterns. The latest authentication announcement comes from Wells Fargo who is combining facial recognition with voice biometrics. Wells Fargo is working with SpeechPro to pilot the new bi-modal security solution (VoiceKey.OnePass) and fine-tune the biometric authentication features. The solution uses a standard smartphone microphone and camera to capture a facial image and voiceprint. Wells Fargo is also working on authentication using eye vein scanning (as opposed to typical retina scans).
New authentication technologies, from a slew of relative newcomers to the financial services space, could eventually replace traditional hardware tokens and eliminate multiple authentication hoops throughout the digital corporate banking experience. Watch this space.