Can Biometrics Actually Replace PINs and Passwords?

Will Consumers Soon Use a Fingerprint—Rather than a PIN—to Complete Transactions?

You might not be aware of this, but entering PINs and passwords is not actually the most secure method of identity verification. That’s why many banks and fintech companies are exploring alternate security technology, most notably, biometrics.

Make Way for Biometrics

Soon, it may no longer be necessary to remember the correct combination of email addresses, passwords with unique character combinations, and security questions. Instead, new technology will offer superior identity verification with something as simple as a selfie or the sound of the user’s voice.

In August 2016, British bank Barclays became the first financial institution to offer voice recognition biometric security for users of the company’s mobile app.

The technology works by examining the unique characteristics of each user’s voice, including the tone, pitch, cadence, and space between words. Then, once set up with the technology, users will simply be asked to speak to login. The software compares their voice against the stored “voiceprint” to verify that the person attempting to use the app is the authorized user.

While Barclays was the first bank to introduce this technology on a wide scale, they won’t be the last. Fellow UK bank, Lloyds, has also trialed the use of Amazon Echo’s voice-activated functionality for online banking. And, just weeks after Barclays’s announcement, First Direct introduced their own voice-verified login technology. Other biometric verification methods such as fingerprinting, facial recognition, iris scanning, and vein mapping are already offered by major companies including Bank of America, Chase, and PNC. FinTech services such as Apple Pay and Samsung Pay allow users to authorize payments with a fingerprint.

Clearly, biometric security is the path the industry is set to take, and in general, consumers are happy to see its arrival.

Why Don’t Passwords Work?

The reliance on biometrics has emerged out of necessity, as PINs and passwords are revealing their weaknesses. Part of the problem is that the clear majority of consumers make the mistake of reusing passwords and PINs.

The strength of a password or PIN is the fact that it is, at least supposedly, unique. However, a study published by Telesign suggests that 59% of all consumers regularly reuse passwords for more than one account; in fact, consumers use a duplicate password across 73% of accounts. In all, the average individual possesses 23 different online accounts, but will have only six different passwords to manage them all.

It’s not hard to understand why consumers do this; after all, it’s difficult to remember just a few passwords, let alone a unique password for each individual account. However, that is just part of the problem—not only do consumers tend to reuse passwords across multiple different sites, but nearly half of all consumers use at least one password which they have not changed in more than five years.

The combination of old and recycled passwords creates several vulnerabilities for consumers, and leaves plenty of opportunities for criminals to break into multiple different accounts with identical login information.

Biometrics are a Welcomed Change

The broader adoption of biometric technology is a response to both customer irritation at the added friction which passwords represent, as well as the increase in online fraud in recent years. Recent data shows that eCommerce fraud in the US is up 62% over the same time in 2015, and additional data gathered in the UK suggests that the number is likely to be just as high for banking fraud as well.

This is a result of a diverse array of attack methods, from phishing sites and malware to scams in which fraudsters trick victims into compromising their own information.

Bank customers want their information to be secure; however, they are also turned-off by the extra friction which additional security steps represent. Biometrics offer a potential solution to this quandary—the technologies promise to make online banking more secure, while also stripping the verification process down to one simple step.

Biometric technology in the banking industry addresses consumers’ security needs, while also improving their customer experience.

Multi-Step Verification is Key to Consumers’ Security

Biometric security is of great benefit to everyone, from consumers and banks to merchants and even processors. However, it is most effective when combined with other techniques as part of a multi-step verification process.

The strongest security will involve more than one verification method. At present, that typically means entering the correct email/password combination, along with answering a security question. However, given the ease and overall improved security of technologies like voice or fingerprint verification, biometric authorization should be widely adopted by banks sooner, rather than later.

As a consumer, it is essential to take advantage of multi-step verification, and to create strong, unique passwords for each online account. Without this critical approach, not even biometric technology will be sufficient to secure consumers’ data with absolute confidence.

Do you already use biometric verification on one of your devices? If not, do you want your financial institution to offer biometric security? Leave a comment below to join the conversation.