Membership is FREE!   Professional Designations for Business & Technology Professionals

Cybersecurity

Dual biometrics for banking: Double trouble or super-secure?

2 Mins read

Two European banks are looking to boost security by layering a pair of biometric authentication methods – facial recognition and palm recognition – atop one another. That could mean more security, or more headaches for users.

In an unusual experiment, two European banks (one in Hungary, the other in Spain) are trying to boost security and – non-intuitively – convenience by layering one biometric authentication method on top of another.

The two biometrics are facial recognition and palm recognition – both performed via a mobile device – and the banks are Hungary’s OTP Bank and Spain’s Liberbank; the vendor behind the effort promises imminent deployments in Slovenia and the UK. It’s clear that such an approach would theoretically be more secure, but is such a combo going to mean too much friction for the typical customer? Or will users accept a minute amount of additional effort to better safeguard their money?

Hungarian vendor PeasyPay is running the deployments and experienced a variety of initial problems, including some language conversion issues (“minor misunderstands, problems with email validation”) and “sometimes slow payment process start because of push notification service provider lags,” according to PeasyPay’s product leader Csaba Körmöczi.

The intriguing aspect here, though, is whether this approach truly delivers the best of both worlds. Does it negate the downsides of both biometric approaches or does the combo inherit the problems from both? Facial recognition can sometimes be tricked by a three-dimensional representation of the user, and can encounter light and facial changes issues. Palm recognition has fewer drawbacks, as long as the palm hasn’t been damaged (likely burned) since the initial image was captured.

Körmöczi didn’t offer any specific figures, but did stress that the app allows the business (banks, in these cases) to choose in settings how strict they want to go, which is true for many biometric authentication systems.

“So one system can be fine-tuned for more security – lower false acceptance rate, but higher false rejection rate [FRR], so less convenient – or for easier usage, with lower false rejection rate, but higher false acceptance rate, so less secure. With multimodal biometric authentication methods, if we have two independent factors, the combined FAR will be very low, about the product of the two original FARs,” Körmöczi said. “So we can decrease the thresholds in order to achieve low FRRs, and still we will have a high security system (low FARs).”

This is tricky business. As a practical matter, businesses are supposed to consider the value/risk of the service being performed and then figure out the friction/convenience level. When Apple initially deployed biometrics to open an iPhone, it permitted an unusually high false acceptance rate so that the user experience would be pleasant. And given that it was replacing in most instances a very weak bit of security (a 4-digit password), it was still meaningfully more secure.

But when the app is from…

Read The Full Article

Related posts
Cybersecurity

Massive Supply-Chain Cyberattack Breaches Several Airlines

4 Mins read
The cyberattack on SITA, a nearly ubiquitous airline service provider, has compromised frequent-flyer data across many carriers. A communications and IT vendor…
CybersecurityData Breaches

International cybercops derail botnet used to extort, steal data around the globe for years

4 Mins read
FBI also announced the arrest of a Canadian on Wednesday in connection to a ransomware attack The Associated Press · Posted: Jan 27, 2021…
CybersecurityUncategorized

Facebook will shut down its spyware VPN app Onavo

4 Mins read
Josh Constine@joshconstine / 8:43 PM EST•February 21, 2019 Facebook will end its unpaid market research programs and proactively take its Onavo VPN app off…
Join BIZTEK

Yes, I have read and live by this Code of Ethics - https://biztek.org/code-of-ethics/. We are BIZTEK, located in Mississauga, Ontario. Business Certification is an important part of doing business in Canada. Join us to set new standards and professionalism to the technology sector. We will email you regarding issues that affect business and technology professionals in Canada. Contact us at info@biztek.org or call us at 647 499 2744. You can unsubscribe at any time.