Author: Kevin Phillips
Until recently, access to our online and mobile banking platform has been provided by the ubiquitous ‘username and password’ security challenge we have come to expect. Sometimes this has been augmented with a second security factor, like an SMS ‘one time code’ or small hardware token, designed to make it harder for hackers and fraudsters to gain access. While this does make it more difficult, it also makes the journey harder for the legitimate user as well, which is why it has not been widely adopted anywhere without enforcement by stiff regulation.
As we see the rise in cybercrime across the financial services industry, keeping the security status quo is no longer an option. As hackers become more adept at tricking and stealing passwords from unsuspecting customers, organisations are looking for new and more secure ways of allowing authorised users to access their digital services. The digital banking solutions that they are moving towards involve authorising access by validating a customer’s unique human characteristics – otherwise known as biometrics.Hackers become more adept at tricking and stealing passwords from unsuspecting customers Click To Tweet
From all of the excitement and innovation that is apparent in the market, we can be excused for thinking that this is actually something new: but in fact, the ‘password only’ challenge is a rather recent and sub-standard anomaly in the wider world of identity recognition.
In the animal kingdom, determining from the shape, smell, size and sounds of another creature whether they are a threat or a member of the same family, pride or troop, is an instinctive and instantaneous reaction. Having to recognise a predator from just a benign visitor is often a matter of life or death. Human reaction is just the same. From the moment we are born we learn to recognise our parents and those around us regularly as those who offer comfort and security. When a child meets someone new, the reaction is most likely one of caution, manifesting itself as shyness and a reliance on a trusted adult figure to give reassurance.
We have all been taught to be wary of strangers, and for a high percentage of the time, we get it right. How do we do this? We use biometric authentication methods to challenge and confirm identity.
Friend of Foe
Combined biometric and password authentication has been used for centuries in the theatre of war. I’m sure we are all familiar with the phrase, “halt, who goes there?” You can go as far back as you like into military history, you will find that the combined use of verbal and visual challenges are the most common and reliable form of identity recognition. In the case of, “who goes there?” the response is expected to be name, rank and regiment, or a password. You could argue that this is only a password challenge, but the challenger would no doubt be trying to detect a foreign accent, stress or hesitancy in the tone as well as recognising the spoken words.
Often following this initial verbal challenge, a sentry would command, “stand forward and be recognised.” Certainly, a guard would want to check that the person was in fact who they say they were. This was, and arguably still is the most important part of the identity challenge. You might be able to learn the words, and you may even be able to say them in a convincing way, but it is much harder to wear the right uniform, carry the right equipment and most importantly be known and recognised by the challenger as a friend and not a foe.
In essence, the most important elements of any security challenge – those being the hardest to replicate – are the personal characteristic components, including sound and visual recognition: biometric security in action.
So, why are password-only challenges used in today’s digital world at all? Well, because until recently the technology has been limited to the use of keyboards and inert screens. Now, with the recent mass adoption of high resolution cameras built into touch screen devices, we are seeing the explosion of biometric recognition solutions.
Knowing now that this is nothing new should help with mass adoption by both the financial service providers and their customers – because, when we think about it, we have been doing it instinctively since the day were born.