Membership is FREE!   Professional Designations for Business & Technology Professionals

Cybersecurity

Dual biometrics for banking: Double trouble or super-secure?

2 Mins read

Two European banks are looking to boost security by layering a pair of biometric authentication methods – facial recognition and palm recognition – atop one another. That could mean more security, or more headaches for users.

In an unusual experiment, two European banks (one in Hungary, the other in Spain) are trying to boost security and – non-intuitively – convenience by layering one biometric authentication method on top of another.

The two biometrics are facial recognition and palm recognition – both performed via a mobile device – and the banks are Hungary’s OTP Bank and Spain’s Liberbank; the vendor behind the effort promises imminent deployments in Slovenia and the UK. It’s clear that such an approach would theoretically be more secure, but is such a combo going to mean too much friction for the typical customer? Or will users accept a minute amount of additional effort to better safeguard their money?

Hungarian vendor PeasyPay is running the deployments and experienced a variety of initial problems, including some language conversion issues (“minor misunderstands, problems with email validation”) and “sometimes slow payment process start because of push notification service provider lags,” according to PeasyPay’s product leader Csaba Körmöczi.

The intriguing aspect here, though, is whether this approach truly delivers the best of both worlds. Does it negate the downsides of both biometric approaches or does the combo inherit the problems from both? Facial recognition can sometimes be tricked by a three-dimensional representation of the user, and can encounter light and facial changes issues. Palm recognition has fewer drawbacks, as long as the palm hasn’t been damaged (likely burned) since the initial image was captured.

Körmöczi didn’t offer any specific figures, but did stress that the app allows the business (banks, in these cases) to choose in settings how strict they want to go, which is true for many biometric authentication systems.

“So one system can be fine-tuned for more security – lower false acceptance rate, but higher false rejection rate [FRR], so less convenient – or for easier usage, with lower false rejection rate, but higher false acceptance rate, so less secure. With multimodal biometric authentication methods, if we have two independent factors, the combined FAR will be very low, about the product of the two original FARs,” Körmöczi said. “So we can decrease the thresholds in order to achieve low FRRs, and still we will have a high security system (low FARs).”

This is tricky business. As a practical matter, businesses are supposed to consider the value/risk of the service being performed and then figure out the friction/convenience level. When Apple initially deployed biometrics to open an iPhone, it permitted an unusually high false acceptance rate so that the user experience would be pleasant. And given that it was replacing in most instances a very weak bit of security (a 4-digit password), it was still meaningfully more secure.

But when the app is from…

Read The Full Article

Related posts
CybersecurityPrivacy

EU Hits Amazon with record-breaking $887M GDPR fine over data misuse

2 Mins read
Carly Page@carlypage_ / 11:06 AM EDT•July 30, 2021 Luxembourg’s National Commission for Data Protection (CNPD) has hit Amazon with a record-breaking €746 million ($887…
CybersecurityData BreachesPrivacy

Emmanuel Macron identified in leaked Pegasus project data

6 Mins read
The leaked database at the heart of the Pegasus project includes the mobile phone numbers of the French president, Emmanuel Macron, and…
CybersecurityPrivacy

Internet Privacy in the Age of Surveillance

9 Mins read
Pew Research Center reports that “91% of adults agree or strongly agree that consumers have lost control of how personal information is…
Join BIZTEK

Yes, I have read and live by this Code of Ethics - https://biztek.org/code-of-ethics/. We are BIZTEK, located in Mississauga, Ontario. Business Certification is an important part of doing business in Canada. Join us to set new standards and professionalism to the technology sector. We will email you regarding issues that affect business and technology professionals in Canada. Contact us at info@biztek.org or call us at 647 499 2744. You can unsubscribe at any time.