How biometrics and geolocation can benefit online banking
Today we can carry out any banking or stock transaction through the Internet: deposit checks, buy shares, transfer money between accounts... and all this from the comfort and security of our home.
The non-stop evolution of technology generates new opportunities but also new challenges: hackers are using increasingly sophisticated methods and financial companies need to keep updated in order to prevent cyber attacks and identity thefts which could cause million-dollar losses.
For these reasons, security has always been a top priority when creating online financial systems. And the truth is that they have achieved high levels of reliability, which will increase even more with new technology developments.
Biometrics, the future of security
Biometric authentication systems (based on the recognition of a person based on his physical or behavioral characteristics) will play an important role in the security of financial services in the nearest future, sooner than what we may imagine.
Advances in technology have brought computers with precise methods of eye and face detection (in 2D and 3D), and even mobile devices like the iPhone or iPad include fingerprint readers. Devices that not long ago would have seemed science fiction are now quite affordable.
But IT innovators are taking biometrics one step further. Companies like Nuance Communications work with financial institutions in speech recognition systems that not only identify a person by the voice, but analyze up to 100 different features such as accent, tone and rhythm of speech in order to prevent fraud.
Another example of a company that is committed in this line of work is Hitachi. The Japanese corporation has developed a reader of finger veins that identifies people with no risk of error. The method is already being implemented by some UK banks.
Combined with other behavioral analysis (which have been applied quite successfully for years) and artificial intelligence, these techniques will allow to combat cyber crimes even before they occur.
But there is still one challenge: biometric data must be translated into the language of zeros and ones that computers understand. This information has to be stored, and it could be the target of attacks or stolen if there is a security breach. That is why it is important that biometrics data stay where they are: with the user.
For example, in the case of Hitachi’s reader, the own device is in charge of saving the information and generating an encrypted message once the identity of the user is verified. The problem is that these devices are not yet widespread and their price is too high. However, there is a device that is all around the world and is quite affordable economically: smartphones.
Security in online banking
With the boom of mobile technologies, the number of people using smartphones to access their banking accounts has grown steadily (18% in 2012, 35% in 2013, 51% in 2014), surpassing even the most optimistic expectations. And users are asking financial institutions to provide them with apps for phones and tablets with different levels of access to their accounts.
New technologies also mean new challenges. In addition to “traditional” online security techniques (such as encryption, SSL / TLS), developers now also have to take into account specific security measures for mobile devices:
Detect "jailbreaks": they unlock some features of the operating system for more functionality and also provide more functionality to malicious applications that might gain access to confidential information. Therefore, developers should avoid financial applications to run on these devices.
Avoid keeping information on mobiles/tablets: either through logs or the local database, user data must not be stored in the device in any way.
However, the use of mobile devices opens a new world of possibilities in security: besides from the fingerprint readers mentioned above (used in systems like ApplePay) they also have photo and video cameras that can be exploited to obtain biometric information, as well as GPS.
Geolocation allows to know where a mobile device is physically, thus allowing to create restricted access regions, i.e. banking operations can only be performed if the mobile device is within a zone known and approved by the user, and would be canceled if they are made from a suspicious area.
That same geographical information can be used to create more robust authentication methods and avoid cases of phishing and money laundering. Also, knowing the location of the client allows the banking application to offer an extended user experience, for example providing local information or discounts for nearby shops.
An example of how geolocation is being applied successfully in the real world can be seen in the alliance between MasterCard and Syniverse. They have developed a system that matches a credit card and a mobile phone: when the card is used the location of the phone is detected via GPS and the system checks if it matches the place where the transaction was made.
Although currently this is a pilot program (customers must register in advance), it is quite promising because it prevents irregular transactions while avoiding common issues when travelling abroad (for example: blocking of cards when operations in different countries are detected).
Financial institutions and banks are investing in security systems that use biometrics and geolocation, investing in new advances and contributing with their research (either directly or through partnerships with other companies) to improve online security.
This investment is also helping them attract talent. This context is ideal for professional development opportunities for programmers and software engineers, who can find in the banking sector an environment that facilitates innovation and growth, especially in the different areas of information security.
The increase in the use of mobile devices and the continuous improvement in security systems are also paying off in other ways. Banks are opening to technology, increasing their online presence and making the phrase "if you're not online, you don’t exist" more valid than ever. Not only because it is a good marketing strategy, but also because it is what their customers demand.
Thus, e-banking has grown in recent years so much that it is starting to replace branches. Since 2007 the number of bank branches in the US is stagnated, while the number of clients who use electronic banking is soaring.
Source: Federal Reserve, March 2014.
The rise of the Internet of Things and the improvement of security systems are only going to underline this trend in the future, and we will see how banks and financial institutions turn increasingly to the Internet and to applications.