Indra P. Chourasia
Biometrics in Financial Services
1. Summary Note
• The financial services industry has long been afflicted by issues surrounding
identity and authentication in its business operations. According to a study conducted by
the Federal Trade Commission (FTC), identity theft is considered one of the fastest
growing types of consumer fraud in the US, with a total cost to businesses and consumers
approaching $50 billion.
• Financial institutions are at risk not only externally but also internally, with an
increasing risk of confidential information being stolen by employees or participants
in transactions or services.
• Based on data collected by the International Biometric Group [1], the total size of the
biometric market, which was around $1.5 billion in 2005, is growing to
exceed $5.7 billion in over five years.
• Limited awareness of the technology, issues relating to customer acceptance
and intrusiveness, integration with legacy systems, industry standards and
interoperability, difficulties inherent in centralized shared databases, the legal recourse
framework and above all cost advantages are some of the major hurdles to rapid
adoption of the technology.
[1] International Biometric Group, LLC is a leading independent integration and consulting firm in the
biometric industry, providing a broad range of services to government and private sector clients.
time, spoofing biometrics and identity theft are some of the teething questions,
answers to which are to be found in coming years.
• Despite all the hurdles and challenges, the usage and coverage of biometric applications
are expected to continue growing in the coming years. With the final phase of technology
evolution, biometrics is bound to be all-pervasive, touching all corners of the financial
services infrastructure.
The financial services industry has long been afflicted by issues surrounding
identity and authentication in its business operations. In simple terms, authentication is
the means of verifying the claimed identity of a person or entity. Closely associated with
authentication is authorization, which determines the level of rights and privileges
available to an authenticated user. Most of the financial transactions conducted by
customers are governed by these two elements of identity management.
According to a study conducted by the Federal Trade Commission (FTC), identity theft is
considered one of the fastest growing types of consumer fraud in the US. It was estimated
that during 2003, almost ten million Americans were victims of identity theft,
with a total cost to businesses and consumers approaching $50 billion. Some other
recent findings are equally unsettling and reveal a gaping hole in the authentication and
verification strategies practiced by financial institutions. According to a study conducted
by the Federal Reserve, company employees were found to be involved in more than 60 percent of
bank fraud cases. Another study by Glenbrook Partners indicates that a top US bank
reported over 30 percent of its losses from new account fraud stemming from repeat
offenders – people who had defrauded the bank earlier.
Financial institutions are at risk not only externally but also from internal
quarters. By the very nature of their operations, which require the creation and maintenance of large
repositories of sensitive and private customer data, authentication and access to
such data pose many challenges. Because of the increased networking of internal
operations and the pervasiveness of huge customer databases, financial institution employees
have access to more customer information than ever before. Some industry analysts and
security professionals estimate that almost two thirds of identity theft cases are committed
with confidential information stolen by employees or participants in transactions or
services.
In the post-9/11 scenario, apart from a strong drive by the national government in the form of new
security-related regulations, customer sensitivities and expectations regarding security issues
are greatly heightened. This has brought an increasingly strong focus on reliable
and effective security measures in financial services operations too.
• Something you have: most commonly a physical device such as a token, card or digital
certificate.
These credentials could be any of the above or a combination thereof. Depending on the number
of credential types required, authentication is considered to be single-factor,
two-factor or three-factor.
The main problem with single-factor authentication in the form of passwords is that these are
often easy to guess, steal, or crack, and once a password is compromised the unauthorized
user has the same access rights as the legitimate user. In addition, the legitimate user
may not even know that his or her password has been compromised, since usually no
physical evidence of the compromise exists. There is a growing realization within the industry
that passwords, PINs, smart cards, tokens or public key infrastructure (PKI) as credentials
meet the basic requirements and tend to become increasingly cumbersome and complex
means of authentication with each new authorization level granted to a user.
• Finger Imaging: analyzes the unique pattern created by raised markings found on
the tip of the finger.
• Hand Geometry: analyzes the size and shape of hand, usually measured from both
a top view and a side view; optionally the unique pattern created by the blood
vessels in the hand.
• Iris Scan: analyzes the coloured ring of tissue that surrounds the pupil on the
surface of the eye.
• Retina Scan: analyzes the unique pattern created by blood vessels situated at the
back of the eye (behind the pupil).
During the authentication process, when a user asserts an identity, a new sample is
captured and, after the biometric algorithm is applied, the new sample template is compared
with the stored template. If the comparison of these two files shows similarity
within the defined limit of tolerance, the identity of the user is biometrically verified
and authenticated. Because of inherent sampling error in capturing the biometric (for
example, in finger imaging: different pressure, position, moisture, or dirt
on the reader), templates do not match exactly. Thus, when a sample falls outside the
defined tolerance limits, the application allows the user's biometric to be resampled for a certain
number of attempts before rejecting the verification.
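The comparison-and-resample logic described above, as an added example that is not part of the original paper. It assumes fixed-length bit-string templates compared by fractional Hamming distance; `TOLERANCE`, `MAX_ATTEMPTS`, the helper names and all templates are constructed for illustration.

```python
# Added illustration, not from the paper. Assumptions: templates are equal-length
# bit strings and similarity is fractional Hamming distance; TOLERANCE and
# MAX_ATTEMPTS are made-up values. Real matchers are modality-specific.
import random

TOLERANCE = 0.25     # assumed: largest fraction of differing bits still accepted
MAX_ATTEMPTS = 3     # assumed: samples allowed before verification is rejected


def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bits that differ between two equal-length templates."""
    if len(a) != len(b):
        raise ValueError("templates must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))


def verify(stored, capture, tolerance=TOLERANCE, max_attempts=MAX_ATTEMPTS):
    """Resample via capture() until one sample is within tolerance or the
    attempt budget is spent. Returns (verified, attempts_used, best_distance)."""
    best = 1.0
    for attempt in range(1, max_attempts + 1):
        best = min(best, hamming_fraction(stored, capture()))
        if best <= tolerance:
            return True, attempt, best
    return False, max_attempts, best


def noisy(template: bytes, flip_rate: float, rng: random.Random) -> bytes:
    """Constructed sensor noise: flip each bit independently with flip_rate."""
    return bytes(
        byte ^ sum((rng.random() < flip_rate) << bit for bit in range(8))
        for byte in template
    )


def demo(seed: int = 7):
    """Genuine user with 10% bit noise vs. a different person's template."""
    rng = random.Random(seed)
    enrolled = bytes(rng.getrandbits(8) for _ in range(256))  # constructed
    other = bytes(rng.getrandbits(8) for _ in range(256))     # constructed
    genuine = verify(enrolled, lambda: noisy(enrolled, 0.10, rng))
    impostor = verify(enrolled, lambda: noisy(other, 0.10, rng))
    return genuine, impostor


if __name__ == "__main__":
    print(demo())
```

Raising the tolerance reduces false rejections of genuine users but admits more non-matching samples, and the attempt cap bounds how many tries a false claimant gets.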
recognition and Hand Geometry, aging and injury may particularly affect the result.
Technologies involving Iris Scan and Retina Scan, while providing highly accurate results,
are perceived as highly intrusive and require special and expensive hardware.
Voice recognition is considered a highly non-intrusive technology with wider user
acceptance. However, reliability and accuracy may be affected by surrounding
noise or when the user is suffering from a cold or has laryngitis. Fear of impersonation is a
big concern in the minds of the users of voice recognition technology.
Based on data collected by the International Biometric Group, the total size of the biometric
market, which was around $1.5 billion in 2005, is growing to exceed $5.7
billion in over five years. (Source: International Biometric Group)
At present, biometrics has been used in branches, mostly on a retail basis, to identify
customers at tellers and to authorize transactions (also at ATMs and check-cashing kiosks). In
the long term, biometric applications may involve many transactions, such as new account
opening, customer identification in branches, non-customer check cashing in branches,
high-risk transaction authorization, and tokenless ATM and Point of Sale (POS)
transactions.
While not much can be predicted with certainty about the success of industry-wide
applications, some of the applications under discussion are POS applications,
Trusted travelers program, National ID cards and enhancements to existing shared
fraud databases to include biometric identifiers. Some of these applications involve
comparison of a biometric sample with the template stored in some form on a card.
With very little prospect of success, applications involving central shared biometric
repositories and facial recognition as an identification methodology may find some
relevance in the long-term horizon.
As with many other emerging technologies, not all biometric technologies are ready
for real-world implementation. A particular biometric technology cannot simply be a natural
fit for any and every application setting. Many factors, such as environmental conditions,
application settings, usability perspective and response time, will greatly influence the
adoption and success of a biometric implementation.
Limited awareness of the technology, issues relating to customer acceptance and
intrusiveness, integration with legacy systems, industry standards and interoperability,
difficulties inherent in centralized shared databases, the legal recourse framework and above
all cost advantages are some of the major hurdles to rapid adoption of the technology.
Despite all the hurdles and challenges, the usage and coverage of biometric applications will
continue growing in the coming years. With the final phase of technology evolution, biometrics is
bound to be all-pervasive, touching all corners of the financial services infrastructure –
from authentication of a high-risk multi-million dollar inter-bank transaction to
access to a local savings bank account to effecting payment for groceries at a
supermarket.
8. References
• Biometrics in Financial Services - See Me, Hear Me, Touch Me – an advisory report by
Glenbrook Partners (February 2003)
• www.biometritech.com
• www.biometricgroup.com