With hackers and cyber criminals using ever more sophisticated methods to gain our precious data and evade conventional security processes, increasing our financial security has become an even more urgent matter.
Imagine you’re in a big city, you’ve been mugged and now all you have on you is the clothes you stand in. Then imagine that your most precious asset to prove your identity and get yourself home was your fingerprint. The reality of this may not be too far away, with the impact of advancements in cyber security on consumers and commerce growing exponentially. But how will these changes impact our behaviour as both consumers and retailers?
We are all aware of how important fingerprints are in fighting crime, given their distinctiveness to each individual. However, what we may not be so familiar with is how fingerprints and other biometrics are increasingly being mooted as ways of securing our financial transactions.
Fingerprint authentication is fast becoming the buzzword among the financial community. The rise of fingerprint authentication has come about due to the rise of fingerprint scanning technology. The scanner takes an image of the fingerprint and determines the pattern of ridges and valleys matches the pattern of your fingerprint in a pre-scanned image.
Binary code represents the fingerprint used for verification and the algorithm may never be converted back to an image, so there is no possibility of ever duplicating fingerprints. Just think how this style of encryption would free us from the endless passwords and pin numbers which we are forced to recall on a daily basis. How much lighter would our brains feel by the release of such data?
Providence-based Citizens Financial Group Inc. incorporated fingerprint ID in its mobile banking app for selected iPhone users in 2013. Headquartered in Boston, Fidelity Investments has been letting customers use fingerprinting to log in and pay bills and make trades since 2013. This was swiftly followed by Bank of America Corp, the second largest US bank in asset terms, who has also been using touch identification for iPhone and Android since 2013. Others are swiftly following suit.
Brad Conner, vice chairman of consumer banking at Bank of America says that touch ID is "possibly more secure than a password". He adds: "The consumer expectation is for banks to keep up, what customers see as capabilities in other areas they expect their financial institutions to provide."
Any authentication system is looking for what you have – pass card, what you know, password, who you are, ID. Therefore, the fingerprint system immediately negates the need for 'what you have'. Users don’t need to worry about carrying a pass or dongle. With fingerprint systems, you can’t guess a fingerprint, you can’t misplace it, and you can’t forget your fingerprint like you can your passcode.
Fingerprint technology opens up many possibilities, such as clocking into a workplace, scanning fingerprints to access cash machines and access to restricted areas in buildings. Of course, finger scanning is also being used as security to unlock phones and homes. In the future, it could enable us to pay for goods in shops or online.
Aside from the convenience and immediacy of finger scanning for consumers, employers will have access to a database of information about their employees. This is particularly useful if you employ bank staff or require criminal record checks as finger scanning will enable employers, subject to data protection legislation, to access criminal record histories and flag up relevant issues.
It also has implications for police and may in the future lead to greater international co-operation regarding international crime and border security. Just think, there would be no need to worry about carrying your medical records, academic qualifications, birth or marriage certificates to prove your credentials - the information would be accessible through a fingerprint and working in another country would be much easier.
However, therein lies the age old problem. The more we rely on servers, the more vulnerable we are to attack. Estonia, highly regarded for its advanced integrated cyber technology throughout its social structure - from top government through to local educational establishments - suffered a set of coordinated attacks allegedly emanating from Russia in 2007.
This led to several organisations being set up to counter cyber terrorism and Dodos attacks (distributed denial of service), as well as a set of new regulatory powers for key service providers such as internet service providers and telecoms companies. Cooperation with NATO via their Cooperative Cyber Defense Centre of Excellence (CCDOE), based in Tallinn, is one such organisation which is driving cyber security. One measure that has come out of this partnership, is the backing up of Estonian databases to international servers, thus ensuring that they are protected from the reaches of more localised attacks.
Our thirst for new technology and desire to simplify authentication processes and transactions is undoubtedly going to herald a welcome influx of new exciting new ways of doing business. However, what must kept in mind is that while we may welcome the local security and simplification of transactions, we must remember that our international security could be subject to greater attack. Once we open the Pandora’s box, we must be equally be prepared for the consequences.