Biometric Security & Correct Password Management in Fintech

From a security standpoint, biometrics are making great strides in more traditional digital financial services. Only biometrics can provide the high level of security that banks and other financial institutions require with the ease of use that online customers desire, and that can give fintech companies employing these security measures an edge.

According to a new report from the Business Performance Innovation Network and the CMO council, businesses that rely on passwords – instead of simple, secure biometric identity verification measures, for example – will lose customers to the competition. 81 percent of consumers actively seek out brands that deliver an instant identity verification or authentication experience, especially when it comes to accessing money and other financial information. Firms implementing this level of security have set the bar – and fintech companies are taking notice.

Fintech's success story in online banking

Turkish bank Garanti BBVA has begun using facial recognition software to reach and enroll new online customers to open an account. Their mobile onboarding solution allows customers to use their own devices to securely open new accounts, and biometric onboarding with document verification allows new customers to be registered and verified.

This is a trend we’ll likely see more of in 2022 and beyond. At Aware, our mobile biometric framework processed nearly five times the number of transactions in 2021 than in all of 2020. New, exciting applications aimed at bringing better biometric security to consumers are being developed all the time. The ease of use and security these solutions provide should be attractive to fintech companies, especially as financial services account takeovers are becoming increasingly prevalent.

Account takeovers – a form of identity fraud where fraudsters use stolen credentials to break into digital financial accounts of real customers – rose by 19 percent in 2020 compared to 2019. Because of the large amounts of securities banks and fintechs deal with daily, account takeover fraud is incredibly lucrative for fraudsters and can be devastating for businesses and their customers. Biometrics such as facial recognition can protect against this.

Fintech and limitations of password use

Passwords are inherently weak because they are something a person has, not something they are. In other words, passwords are easy to steal, susceptible to phishing and malware, and simple to compromise. Research shows that people tend to reuse passwords across online services. It’s understandable; passwords are hard to remember and often quite complex, and having to reset a forgotten password is costly.

But all this means that once a criminal acquires login credentials from one breach, they could potentially have the key to unlocking many more accounts protected by the same username and password. New breaches happen all the time, and amassed stolen credentials usually end up being shared or sold in online criminal markets. If access to a fintech or bank wasn’t governed by a password, but instead biometrics, how might security and benefits improve from both users and providers?

Biometric authentication and fintech security

Biometric authentication is a method of verifying a user’s identity using a piece of who they are, such as their fingerprint, facial features, iris structure or behavior. These factors contain unique data points that cannot be replicated. 

Biometric authentication can help fintech firms enhance security; by integrating facial or fingerprint recognition or other biometric modalities into the fintech app experience, customers will feel their information is more secure and don’t have to bother with remembering a large number of different passwords – and only having to present their face, eye, or voiceprint instead. In fact, many users are already familiar with this authentication process as most cell phones offer fingerprint- or facial-unlocking security options.

In spite of all the benefits, certain forms of biometrics, particularly facial recognition, have come under fire lately as a violation of privacy. After all, your “faceprint” is your personal data and many people aren’t comfortable with the idea of their faceprints being used or shared without their consent. This has the potential to remove the anonymity many people expect in public places, including online. It has even been proposed that by “linking” a person’s face to another source of personal information such as social media platforms, people could be discriminated against based on age, race, or location.

The key to implementing facial recognition is to do so with several safeguards in place, most notably clear opt-in and opt-out options. For example, if you’re implementing biometric authentication in your fintech app, be sure there is a clear option for users to choose not to store their facial imprint in the app and instead log in with a password or other form of authentication. It’s not likely many users will choose this option, but it’s important to offer it nonetheless. And it goes without saying, but be sure your chosen biometric authentication system has a reputation for accuracy; and maintains the utmost security for the data being collected.

As the report cited at the beginning of this article notes, a poor authentication experience can seriously tarnish a brand’s reputation.  Simplifying and improving authentication through capabilities like biometrics can be a key to growing your fintech business and building customer loyalty.

About the author: Dr. Mohamed Lazzouni is the CTO of Aware - a Boston-based technology company that provides security solutions for the fintech industry. He began his rise in the technology and securities world by obtaining a MS in Physics while studying at The University of London and was awarded a Distinction for completing the MS course work and thesis with exceptional grades. Dr. Lazzouni then attended Oxford University in England where he earned his PhD in Physics.