Forget PINs and passwords (apparently many people do).
The IDs of the future may be biometric: fingerprints, voice recognition, iris scans and other technologies based on anatomical features unique to an individual. Experts also mention digital signatures.
Banks must ensure that an account holder is who he says he is. Authentication tools must work with many delivery channels-the Internet, ATMs, wireless devices-but also offer convenience for customers and cost savings for banks.
That's a tall order, which is why most U.S. banks have yet to implement biometrics on a wide scale. But many are considering them. BioNetrix, a Vienna, Va., software firm, is working with several banks. The company provides centralized management of biometric tools across many delivery channels.
"We're right on the edge of a significant trend in the banking industry," said John Ticer, CEO at BioNetrix. Ticer expects major biometric rollouts this year.
Top-notch security is the biggest argument for biometrics, said Steve Ellis, executive vice president of wholesale Internet services at Wells Fargo. PINs and passwords are not foolproof. It's harder to steal a voice pattern than a password.
Wells Fargo spun off a company, Innoventry, which used facial recognition technology instead of PINs for its ATM system, Ellis said. And Wells Fargo is testing retina scans and has used token cards and fingerprint scans internally. The tokens include eight-digit random numbers; customers use a private ID plus the token to access a Web site or dial into the network. But tokens are expensive-$60 each to maintain over their lifetime-so Wells Fargo seeks a cheaper tool. It hasn't rolled out large-scale consumer use of biometrics yet.
Banks spend $15 per call to help consumers who forgot their passwords, said Sanposh Phitakki, VP of marketing at BioNetrix. Meanwhile, most password fraud occurs when a hacker steals thousands of passwords after breaking into a database. Voice or facial patterns, on the other hand, are stored as encrypted formulas, hence are tougher to crack. And requiring customers to sign documents on an electronic pad, not paper, automates verification, relieving cashiers and tellers, who rarely glance at signatures, of the responsibility.
That could save a bundle; the typical bank loses millions annually on check fraud alone, Phitakki said.
Biometrics can eliminate passwords and therefore allow more secure transactions, even via phone or Internet, said John Bree, vice president and director of risk control/loss prevention at Citibank. For example, voice recognition technology could work easily with existing call center infrastructure. Fingerprint scans, via a mouse, can improve authentication for Internet transactions.
And biometrics can reduce the number of forms of ID a bank must manage, said Karl Ware, vice president of solutions services at BioNetrix. Today customers may have to remember different passwords for different accounts.
But tight security isn't the only issue banks should examine, experts said. "They'll tie it to cost savings and security and 'Will I be costing the customer convenience?'" Phitakki said.
Signatures scrawled on electronic pads are attractive because they don't present anything new to the consumer, Phitakki said. Some people hate fingerprinting, however, because of the criminal stigma. And fingerprint checks as law enforcement agencies currently conduct them aren't done in real time, Ticer added.
One marketing strategy: offer customers a choice of biometric methods to access their accounts. In exchange, banks can promise greater security and faster service for those using voice recognition, for example, instead of PINs.
So why haven't banks introduced biometric authentication on a large scale?
High implementation cost is the biggest obstacle, according to research by TowerGroup. Banks would have to retrofit equipment with new biometric devices, train staff and educate consumers.
Banks can recoup costs by cutting the number of password resets, Ware said, citing one institution that changed 5,000 passwords per month at a cost of $12.50 each. It broke even on its BioNetrix products in six months.
Up-front costs remain high, though they're dropping, Ticer said. The critical mass of electronic transactions needed to make biometrics cost-effective is just coming about now, he said. And banks need technological infrastructure capable of handling a variety of biometric methods across many access channels.
"It's not about the technology. It's about the system," Ticer said. "The system has to evolve... you've got to be prepared to adopt technologies and morph this system to them."