Banks are racing ahead in deploying biometric systems in an attempt to control rising levels of financial fraud and to reduce friction on inconvenient forms of authentication and fraud management.
There are many different competing biometric modalities that
banks can implement but what criteria do (or should) they use to ensure that
the biometric system is appropriate.
Through Goode Intelligence, I have been involved in a number of consultancy
engagements with banks and suppliers to assist them in assessing and choosing the
most appropriate biometric system to meet their requirements.
Based on this experience, and engagements with a wide range of biometric and authentication
technology companies, we have devised an assessment methodology that banks and systems integrators
can use to ensure that the most appropriate biometric system is chosen.
The
Goode Intelligence Banking Biometric System Assessment (BBSA) tool is based on
four interlocking parts, biometric performance, usability,
regulation
and security. It is also applicable to other highly regulated industries including healthcare, government, telecommunications and utilities.
The methodology provides guidance to banks in assessing biometric systems and exactly how a bank weights the assessment criteria is
dependent on their own set of circumstances such as budget, security policy,
bank channel, regulatory environment and risk and privacy models.
There will obviously be other technical and non-technical
assessment criteria that a bank will use including integration, scalability and
support models etc.
Biometric Performance: The assessment of the biometric performance and accuracy
of a banking biometric system includes measurement of False
Reject Rates (FRR), False Acceptance Rates (FAR) and
Failure to Enrol Rates (FER). The accuracy of a banking biometric
system is expressed as an Equal Error Rate (ERR). It is important to be pragmatic when assessing biometric systems using these standard biometric performance measurements as 'lab conditions' may not match those experienced by a banks' customers when they are using the technology. It is important for a bank to ensure that they can continuously measure the performance of a live biometric system and banks must ensure that their suppliers can meet this requirement.
Usability: Today’s app-driven world means that getting usability right
across a wide-range of devices is essential. What might be an appropriate
biometric modality in terms of usability at an ATM might not be appropriate
when a bank customer is authenticating themselves via a mobile app or via an
Interactive Voice Response (IVR) solution. A pilot or proof-of-concept (POC) provides an opportunity
for banks to evaluate a biometric system and different biometric modalities.
Financial institutions should build usability measurement into these pilots and
POCs and to gather feedback from users in reference to how easy the biometric
systems are to use. Regional differences also play an important part in the usability choices of a bank; a biometric system that is suitable for one region may be inappropriate for others.
Security: When evaluating a biometric system for banking, banks should
ask whether the system is secure and able to meet internal and external
(regulatory) security requirements. Biometric systems must adhere to security policy and
regulation and biometric data, including templates, should be securely
captured, encrypted and stored.
Regulation: Banking (industry) regulation is the fourth main component
of the assessment of a biometric system for bank use. Biometric systems in banking is currently controlled by a
mixture of data protection and privacy regulation, such as the EU’s Data
Protection legislation, technology-based guidelines including the US’s FFIEC
guidance on the use of authentication in an internet environment, and specific
financial services regulation including the EU’s Payment Services Directive II
(EU PSD II).
We have published more information on our banking biometric system assessment methodology / tool in our recently published report; Biometrics for Banking; Market & Technology Analysis, Adoption Strategies and Forecasts 2015-2020. Goode Intelligence's biometric advisory and consultancy service aims to assist organisations in choosing the most appropriate biometric systems - contact us for more information.
