Data Snack: Digital authentication is a hard nut to crack for banks

Passwords, biometrics and Face ID are the computer engineer’s answer to traditional and real-world authentication processes, such as signatures and building rapport with your account manager or showing your government id.

At the moment, the age of passwords seems to be giving way to more frictionless mechanisms like biometrics or behavioral analysis. Even more innovation is following in the form of standards like open authorization (OAuth), which allow users to authenticate connecting accounts and data sharing through their device.

One area where authentication plays a central and undying role is financial transactions. This is not to say that authorization for sharing data is not a worthy topic to discuss, but instead to stipulate that transactions are where authentication/authorization has a more obvious, visible, and tangible role to play.

Digital solutions like biometrics, Face ID and passwords all have their tradeoffs, which has often led to a bundling of these services in most modern smartphones. No one method can mitigate all issues, and inevitably some use cases have friction. This, coupled with the volume of transactions in the modern day, means that banks must figure out which transaction to double-check and when to demand added biometric or face verification.

Recent data by iProov points out that over 31% of consumers expect to authenticate their identity when making payments of $40 or above. Similarly, as the chart above shows, the percentage of people who don’t want their transactions to be checked for fraudulent activity is higher in places like Mexico, Spain and Australia, but lower in countries like Germany and Canada. Overall, most people still prefer their transactions to be checked for fraudulent activity, and the minimum threshold can be as low as $40.

As the chart above shows, except for Mexico, consumers in most countries don’t show an overwhelming affinity for the use of Face ID to access their banking app. Only a few countries like the US, UK and Australia make it past the 25% mark – that too barely. Many consumers indicate that they wouldn’t use face verification even if it was available on their device.

This loosely means that the banking industry has a twofold problem on its hands:

1) Issues of access: While smartphones are common, devices that can offer sophisticated Face ID are not. With technology becoming more common and cheaper to produce, this problem may have a solution on the horizon.

2) Consumers don’t want it: This one is a harder nut to crack, since reasons can range from not wanting institutional oversight to being concerned by the data sharing and usage policies of an organization. Increasingly, research and scrutiny into digital verification is revealing issues of bias and security. For example, in 2019, the Black Hat hacker convention managed to hack into Apple's Face ID in 120 seconds. Even more research makes cases against practices running behind biometric and Face ID systems, like privacy and informed consent policies that expose people’s personal information.

So, what if there was a way to tell who’s who without collecting PII, primarily through your behaviors and interactions with your mobile device? Would you be okay with that? Stay tuned to learn more about the use of behavioral biometrics in banking.