Membership is FREE!   Professional Designations for Business & Technology Professionals


Dual biometrics for banking: Double trouble or super-secure?

2 Mins read

Two European banks are looking to boost security by layering a pair of biometric authentication methods – facial recognition and palm recognition – atop one another. That could mean more security, or more headaches for users.

In an unusual experiment, two European banks (one in Hungary, the other in Spain) are trying to boost security and – non-intuitively – convenience by layering one biometric authentication method on top of another.

The two biometrics are facial recognition and palm recognition – both performed via a mobile device – and the banks are Hungary’s OTP Bank and Spain’s Liberbank; the vendor behind the effort promises imminent deployments in Slovenia and the UK. It’s clear that such an approach would theoretically be more secure, but is such a combo going to mean too much friction for the typical customer? Or will users accept a minute amount of additional effort to better safeguard their money?

Hungarian vendor PeasyPay is running the deployments and experienced a variety of initial problems, including some language conversion issues (“minor misunderstands, problems with email validation”) and “sometimes slow payment process start because of push notification service provider lags,” according to PeasyPay’s product leader Csaba Körmöczi.

The intriguing aspect here, though, is whether this approach truly delivers the best of both worlds. Does it negate the downsides of both biometric approaches or does the combo inherit the problems from both? Facial recognition can sometimes be tricked by a three-dimensional representation of the user, and can encounter light and facial changes issues. Palm recognition has fewer drawbacks, as long as the palm hasn’t been damaged (likely burned) since the initial image was captured.

Körmöczi didn’t offer any specific figures, but did stress that the app allows the business (banks, in these cases) to choose in settings how strict they want to go, which is true for many biometric authentication systems.

“So one system can be fine-tuned for more security – lower false acceptance rate, but higher false rejection rate [FRR], so less convenient – or for easier usage, with lower false rejection rate, but higher false acceptance rate, so less secure. With multimodal biometric authentication methods, if we have two independent factors, the combined FAR will be very low, about the product of the two original FARs,” Körmöczi said. “So we can decrease the thresholds in order to achieve low FRRs, and still we will have a high security system (low FARs).”

This is tricky business. As a practical matter, businesses are supposed to consider the value/risk of the service being performed and then figure out the friction/convenience level. When Apple initially deployed biometrics to open an iPhone, it permitted an unusually high false acceptance rate so that the user experience would be pleasant. And given that it was replacing in most instances a very weak bit of security (a 4-digit password), it was still meaningfully more secure.

But when the app is from…

Read The Full Article

Related posts
Cloud ComputingCybersecurity

DOD to move 18M biometric records on ‘threat actors’ to AWS’s cloud

1 Mins read
The Department of Defense wants to modernize an 18-million-record system of biometric data on adversaries by moving it to Amazon Web Service‘s cloud, the department indicated…

84 percent of Canadians wary of interacting with organizations hit by data breach: report

1 Mins read
54 percent of respondents said they have received ‘a lot more’ suspicious emails in the last six months A new study from…

FBI ‘Drive-By’ Hacking Threat Just Got Real: Here’s Why You Should Be Concerned

2 Mins read
Warnings that our IoT devices might be spying on us are nothing new—remember the smart speaker fiasco last year? But at least we…

Yes, I have read and live by this Code of Ethics - We are BIZTEK, located in Mississauga, Ontario. Business Certification is an important part of doing business in Canada. Join us to set new standards and professionalism to the technology sector. We will email you regarding issues that affect business and technology professionals in Canada. Contact us at or call us at 647 499 2744. You can unsubscribe at any time.


Leave a Reply

Your email address will not be published. Required fields are marked *