Connect with us

Technology

IN CONSUMER BIOMETRICS WE TRUST: AUTHENTICATION FOR THE DATA PRIVACY AGE

Published

on

AUTHENTICATION

Jonas Andersson, Head of Standardization at Fingerprints

Data privacy is high on the global agenda. In the wake of data protection policies such as Europe’s GDPR, ensuring the integrity of personal data is an increasingly pertinent subject. This is a governmental and corporate policy reflection of the fact that our lives are moving increasingly online and, with it, our personal data is facing new and increased threats.

For all access to private data or services, we must be authenticated – this is the basis of privacy in the online world. But as PINs and passwords are increasingly viewed as insufficient to tackle this new reality, the world is looking to stronger authentication solutions, such as biometrics.

When implemented in the right way, biometrics will bring multiple benefits. It already enabled consumers to add layers of authentication to personal data previously unsecured in their owned devices – from apps and e-commerce, to our homes and devices. But its potential is phenomenal. Consumer-driven authentication via our phones and tablets is already today by far the largest application of biometrics in the world, with figures in the billions that dwarf government-led identification schemes such as India’s Aadhaar and the FBI database.

Crucially though, it’s a privacy and security measure that consumers have the power and choice to implement. And as third parties, such as financial services, healthcare and enterprise organizations, increasingly accept consumer biometrics authentication for their services, supporting the market’s continued adoption is an important and timely topic. But first, as biometrics creates its own sensitive personal data, there are a few points to clarify and discuss…

 

Consumers need confidence!

Undeniably, the success of existing applications of consumer biometrics is based on the advantages they offer consumers. Just look at the penetration and use of fingerprint biometrics in smartphones. But the success of future adoption will be determined by how confident consumers continue to feel in new situations. We’re frequently reminded not to use the same password or PIN multiple times, so it’s only natural consumers are beginning to feel concerned of their biometrics integrity as they start to utilize their fingerprint on multiple devices and apps: their phone, tablet, card, USB dongle…

In fact, consumer device authentication utilizes a ‘privacy by design’ approach that inherently protects end-user biometric data with an on-device authentication approach – where biometric data is enrolled, stored and managed all on the same device. The following principles have been fundamental to biometrics’ privacy protection in mobile and are what will enable new benefits for consumers in other personal device-based scenarios:

Translating images to templates

It’s a common misconception that biometric data, such as fingerprints, are stored as images. And in turn, if this image is accessed, the corresponding fingerprint is permanently compromised and unable to be restored or used securely on other applications. You’ll have heard the argument about biometrics: “I can change my password any time, but I only have ten fingerprints; what happens if they’re all hacked?”

In fact, data from a biometric sensor is captured and stored as a template in binary code – or encrypted 0s and 1s. This mathematical representation makes hacking basically pointless as, even if fraudsters could access the template, they can’t do anything with it. Template code cannot be reverse engineered into the original fingerprint image, nor can it be linked to other services and, in turn, other personal data. Moreover, this template is unique to the device it is on, making it impossible to re-use between devices, even if the same fingerprint has been enrolled!

The consumer is in control

This neatly leads on to my next point regarding storage. In consumer authentication use cases, information remains solely on the unique consumer device on which the template was created, remaining physically in control of the user.

Our recent consumer research found 38% were unwilling to share their biometric data but, with this approach, no data needs to be shared with third parties or cloud-based databases as everything is stored, and the authentication process is contained, within a single personal device.

Layers of security

Layering defense mechanisms is standard best practice for a range of security implementations – biometrics is no different. In addition to the transformation of biometric data into an irreversible template, these templates are also later encrypted and further protected by hardware and software both at rest and during the matching process.

The most successful example of a biometrics use case, the smartphone, utilizes the highly secure software isolation of Trusted Execution Environment (TEE) technology for storage and matching of biometric templates on device. The hardware on which it runs is intrinsically secured through its high degree of integration, complexity, miniaturization and specialization.

This approach is also championed by new use cases such as biometric payment cards. Here, the Secure Element (SE) – the chip technology that secures the financial data in your bank card – is utilized to store, process and match biometric information within the confines of the card. This treats biometric templates with the same security as the PIN and other financial data that is stored on our payment cards.

Removing the weakest link

Nothing is ‘un-hackable’, this is the reality of security. With enough time, money and effort, it’s possible to get into anything. A safe, a bank vault. However, attackers take the path of least resistance, and often it’s the end-user that is the ‘weakest link’ in the security chain when it comes to social engineering attacks.

End-users are vulnerable to attacks, such as phishing, where they can be tricked into giving away information such as a PIN or password. With consumer biometrics, the user only presents their biometrics to their personal device and can’t give anything away. This also removes the risks generated by mistakes or complacency, such as creating a password that’s easily guessed.

 

More authentication = more protection

Biometric authentication can protect a whole host of other sensitive personal data, far more quickly, conveniently and securely than was ever possible with PINs or passwords.

Today however, passwords and PINs remain the most used authentication methods outside of smartphones – something increasingly problematic. The friction created by asking users to create a new password has a significant impact on drop-out rates – especially as new ‘best practice’ guidelines recommend complex requirements such as including numbers, capitals, special characters and length. NIST’s digital identity guidelines outline the importance of usability challenges and stress, fundamentally, “positive user authentication experiences are integral to the success of an organization achieving desired business outcomes.”

6 out of 10 consumers feel they have too many PINs and passwords and worry about forgetting them. Unsurprisingly, 41% also admit to re-using the same PIN code or password across multiple sites, apps and devices. So, not only are PINs and passwords frustrating for consumers, they’re also becoming less secure.

Biometrics can be the authentication silver bullet as it combines security and a convenient UX, with leading fingerprint sensors authenticating in under a second. Its capacity to bring security to devices and processes previously either unsecured, poorly secured, or secured with a poor UX is phenomenal. Mobile is the perfect example of how it has been able to transform a device from being unsecured most of the time, to now only unlocked when in use. And now, just look at how your bank accepts your fingerprint authentication on your phone for access to your account.

With consumer biometrics, its quick and effortless to enroll onto new services and subscriptions. Consumers are happy to authenticate more frequently, because it’s so simple and the action is so intuitive. Plus, you cannot forget your fingerprint…

 

Consumer biometrics: on the agenda

It’s clear that biometrics is key to many organizations’ plans for privacy and security, but don’t just take our word for it. Many industry and government initiatives are moving quickly.

Europe’s GDPR highlighted biometrics as ‘sensitive personal data’ which clearly needs to be protected in the right way. Meanwhile, the benefits and integrity of consumer device biometric authentication were also recognized by Europe’s financial services directive, PSD2, citing biometrics as a trusted factor under its strong customer authentication (SCA) mandates.

Looking to industry bodies, FIDO Alliance is gaining significant traction in formalizing the quality and security of personal authentication with biometrics. Its work is complementing rising initiatives such as Self Sovereign Identity (SSI) models, whereby individuals or organizations are endeavoring to have sole ownership of digital identities and control how this personal data is shared and used. With an owned, FIDO-certified biometrics-secured device, users can add another authentication layer over stored digital identifiers.

For several years, we’ve also participated in industry body GlobalPlatform’s work to verify and standardize the quality of security protection on TEE. The biometric API extension defines security protections specifically around biometrics and is highly referenced in mobile implementations, and increasingly in new devices such as key fobs and home security devices too. With the dawn of the biometric payment card, we’re also supporting GlobalPlatform to define an SE specification for biometric cards.

The combination of government and industry engagement is setting the scene for so much more to be achieved with consumer authentication using biometrics. Undoubtedly, biometrics’ role in an increasingly data-conscious world has only just begun to take shape, and excitingly, it’s consumers who have the power at their fingertips – quite literally!

 

Finance

WHY THE NORDICS WILL CONTINUE TO LEAD THE WAY IN DIGITAL PAYMENTS

Published

on

By

Kriya Patel, CEO, Transact Payments

 

While the recent introduction of PSD2 — the second iteration of the EU’s Payment Services Directive — has undoubtedly had an effect on the entire continent of Europe, some regions have been in a better place to take advantage of it than others. Largely thanks to a historical willingness to foster and embrace innovation, the Nordic nations were already something of a global leader in the electronic payments space even before PSD2. Now, it looks as if the Nordics is on course to be the first region in the world to fully realise digital transformation in payments.

With a combined population of 21.39 million, the Nordic markets of Sweden, Denmark and Norway have the highest penetration of electronic transactions anywhere in the world. It’s estimated that cash is only used in 3% of transactions in Norway, with this number only slightly higher in Sweden. Given this context, it’s no surprise that there are nearly twice as many payment cards as there are people, at 41.86 million cards. These cards are used for around 7.8 billion transactions annually — worth more than £205 billion — made at just under 600,000 point of sale (POS) locations and online.

You could be forgiven for thinking that given the advanced state of play in the payments market that there would be few opportunities left for incumbents or new entrants to take advantage of. However, for those who are willing to innovate and diversify there could be market share up for grabs. And there are also plenty of things that payments players in other regions can learn from this market. In this article, we will examine what these opportunities and lessons are.

 

Highly developed market

E-commerce accounts for a very large proportion of overall electronic transactions in the Nordics at between 19 and 22%. It’s a segment that is continuing to grow rapidly, even though cards remain the preferred way to pay online and in person.

In fact, cards account for a huge 85% of all in-person transactions in the Nordics, with debit cards used for two-thirds of all purchases in Denmark, for example. In the background, this is enabled by a highly functional consumer-permissioned digital identification system known as BankID that makes Know Your Customer (KYC) compliance for e-commerce much more straightforward for vendors and customers. This scheme, which was first envisioned more than 20 years ago, is one of the key reasons why this region has made such strong advances in digital payments.

Since 2015, all three Nordic markets have embraced digital wallet solutions – Norway’s Vipps, Sweden’s Swish and Denmark’s Bankort. In the case of Denmark, their digital wallet grew from the Bankort debit card solution shared by major Danish banks. Across all three markets, these home-grown wallets have seen strong growth, with Swish reporting the fastest usage growth in the over-45 segment. These domestic wallets are currently looking to grow their functionality, with parking and bill payments being added on top of peer-to-peer (P2P) money transfers and a debit function.

 

Digital wallets to expand functionality

As digital wallets rise and cards continue to be used for a very wide range of purchases, the Nordic markets continue to seek opportunities to reduce cash use for everyday, low-value purchases such as parking and street vendors. This will create room for mPOS (mobile Point Of Sale) and soft POS systems providers, as well multi-function card products. Loyalty is also likely to be another area for growth, with players keen to ensure that they can retain existing customers and attract new ones from their competitors.

One of the most interesting areas in the Nordic region’s payments landscape is how these digital wallet solutions can expand internationally. While digital wallets are growing rapidly in the domestic space, the capacity of these wallets to be used outside the Nordic region is still very limited. Creating international links for Nordic-only solutions will certainly be an area of growth in the coming years, so providers looking to partner with banks or wallet providers should find a receptive audience in these markets.

As with other European markets such as Spain and Germany, we’re also seeing the rise of specialist banks built to meet the needs of smaller companies in the Nordics. Banks such as Norway’s Aprila are expanding rapidly by taking advantage of PSD2’s Open Banking mandate to access SME credit data and deliver innovative payment products and lending solutions. Corporate credit and debit card products will be a major growth area in the near future as SMEs will finally get the attention they deserve.

There’s a great deal that other regions can learn from the Nordics. While the combined population of the three countries adds up to only around one-quarter of Germany, for example, the relatively low population density has proved a fertile ground for digital payments. It will be interesting to see how some of the more innovative services we see in this region can make international links, or how players in other regions try to replicate them.

Continue Reading

Banking

THE GROWTH OF DIGITAL BANKING: WHY COLLABORATING WITH FINTECHS IS CRUCIAL TO ADAPT TO CUSTOMER DEMANDS IN LIGHT OF THE PANDEMIC

Published

on

The growing customer demand for a seamless digital banking experience looks set to transform how the entire banking industry operates. Traditional banks have been left playing catch up with the emergence of new fintech players and challenger banks. The demand for slick digitally finance solutions is led by the digital native generations, the millennials and Gen Z. However, the coronavirus pandemic accelerated the uptake of online shopping and remote working for whole swathes of the population. Even the older generations have been left wondering why accessing banking services online remains so cumbersome.

Consumers’ growing desire to access financial services through digital channels has already led to a surge in various new banking technologies which are reconceptualising the banking industry. Consumers have rapidly moved to adopt payment solutions such as those offered by apps like Revolut.

Manoj Mistry

Retail banks continue to launch platforms in the Banking as a Service (BaaS) space, in an effort to remain competitive. An example of this in the UK is how NeoBank (Starling) used to only offer business to consumer (B2C) retail banking services. However, once it launched its BaaS platform, Starling was able to rapidly diversify to include consumer services.

New technologies like blockchain and artificial intelligence (AI) continue to evolve, and look set to have an enormous impact on banking over the next three to five years. The type of cryptocurrencies that we have seen to date look set to be far more tightly regulated, given significant governmental concerns about their potential for misuse in cybercrime and money laundering.

In the blockchain space, the transformative development which will accelerate the rise of digital finance is the advent of central bank-backed digital currencies. The US Treasury has described the creation of a digital dollar as a high priority project. China is already trialling its digital Yuan. Meanwhile, the ECB is actively pursuing its plans to launch a digital Euro. The launch of stable, highly secure digital currencies, underpinned by major central banks, looks set to ensure that digital finance will permeate every area of our lives in the not too distant future.

How we use digital finance is also set to change radically. We are used to seeing new technology emerge from Silicon Valley. However, an analysis by KPMG Australia suggests that a new breed of apps which prefigures the future of digital finance has already emerged in the East. The report notes that “super apps” are “already encroaching on traditional financial services territory”.

Super apps are defined as apps which “essentially serve as a single portal to a wide range of virtual products and services. The most sophisticated apps – like WeChat and Alipay in China – bundle together online messaging (similar to WhatsApp), social media (similar to Facebook), marketplaces (like eBay) and services (like Uber). One app, one sign-in, one user experience – for virtually any product or service a customer may want or need.

“Due in large part to their versatility, super apps have quickly become ingrained into users’ daily lives. It is not unusual for a WeChat user in China to set up a date with a friend via instant messaging, make dinner reservations, book movie tickets, order a taxi and pay for every transaction along the way, all using one single app.”

We are already beginning to see trends in this direction in the Western world, with Facebook launching a marketplace and even a dating service within its social network. Facebook also attempted to launch its own digital currency, Libra, but this move stalled when it ran into significant governmental opposition. However, Facebook hasn’t given up, and it is determinedly pursuing the launch of a revamped stablecoin, Diem, which has been redesigned to address regulatory concerns.

A group of Citi analysts recently wrote an interesting research paper, which predicts that “the story of digital money in the 2020s will be the growth of tokenised money”. Noting that both Big Tech and Central Banks “are building new payment formats and rails,” they say that “while stablecoins such as Diem await regulatory approval, they could benefit from the huge network effects of their Big Tech sponsors. In fact, Diem could be an effective tokenised payment format inside the Facebook universe.” The paper predicts that “Stablecoins, such as Diem, could benefit from the huge network effects of their Big Tech sponsors”. With 3.3 billion monthly users, Facebook certainly has remarkable global reach.

The idea of an integrated tech platform which enables people to interact and purchase goods and services – including financial services – is now being pursued by many major players.

Amazon has long been rumoured to be planning to launch its own bank. Yet, research by CB Insights concludes that, “from payments and lending to insurance and checking accounts, Amazon is attacking financial services from every angle without even applying to be a conventional bank.” This is perhaps not surprising. After all, tech companies rarely replicate existing models. They usually find disruptive new ways to achieve the outcomes that consumers want. Even the messaging service, WhatsApp, has recently moved into financial services with the launch of WhatsApp Pay.

As money becomes digitised and tokenised and ever more areas of our lives move online, the distinction between an online marketplace, a social network and a financial services provider will continue to blur. How traditional financial services companies react to these developments remains to be seen. Some may partner with tech companies in creating new services. For example, Visa and Mastercard were involved with Facebook’s Libra stablecoin project. Visa also responded to the popularity of peer to peer payment services such as Revolut by launching Visa Direct, which enables users to make payments directly to another account in 30 minutes. Most major banks now support Apple Pay, which enables users to authorise payment by scanning their face or thumb.

Banks can also collaborate with tech companies in terms of data sharing, in order to better understand what their customers want. A company like Amazon knows what books people like, what music they listen to and what they purchase. By combining such data with wider financial data, remarkably predictive Big Data models could be created. Some banks might increasingly pursue opportunities to monetise data, while others might make privacy their unique selling point.

The banking sector fundamentally deals with money. Yet, the very nature of money is set to change, as it becomes digitised. Banks are no longer merely competing with each other, but they are both competing and collaborating with tech companies and social networks. Looking ahead, the only certainty we have is that we are in for a period of remarkable change.

Continue Reading

Magazine

Trending

News2 days ago

FINTECH COMPANY PAYEN CHOOSES AQILLA FOR ITS LIMITLESS SCALABILITY AND SUPERIOR MULTI-CURRENCY FEATURES

Payen is a fast-growing FinTech company that provides gateway Payment and FX services to online merchants. Having launched in 2010,...

Business2 days ago

THE ACCELERATION TOWARDS A MOBILE FIRST ECONOMY

By Brad Hyett, CEO at phos   Over the last year, we have seen a big shift towards contactless payments....

News2 days ago

NEW RESEARCH REVEALS KEY ROLE OF KYC COMPLIANCE IN DRIVING CUSTOMER LOYALTY, ADVOCACY AND NEW BUSINESS

The impact of financial crime for institutions goes beyond crippling fines   A piece of original research conducted by RegTech...

Business2 days ago

HOW MERCHANTS CAN IMPROVE THE ONLINE PAYMENTS EXPERIENCE

By Alan Irwin, Senior Director of Product at Global Payments UK   The dramatic increase in online shopping over the...

Business2 days ago

JUMP-STARTING PROCUREMENT TRANSFORMATION WITH A CLEAR AND REALISTIC PLAN

by Alex Klein, COO at Efficio Consulting   Following a period of ongoing economic uncertainty, business spend has risen high...

Finance2 days ago

NAVIGATING FINANCIAL SERVICES IN 2021: LOW-CODE TO THE RESCUE

Nick Ford, Chief Technology Evangelist, Mendix   Financial services are the poster child of great digital transformation: today, Britons can...

News2 days ago

PAYSAFECARD AND NEO EXTEND THEIR SUCCESSFUL PARTNERSHIP

paysafecard, a market leader in eCash payment solutions, and NEO, one of the most successful FIFA teams in the world,...

Finance2 days ago

WHY THE NORDICS WILL CONTINUE TO LEAD THE WAY IN DIGITAL PAYMENTS

Kriya Patel, CEO, Transact Payments   While the recent introduction of PSD2 — the second iteration of the EU’s Payment...

Banking2 days ago

COMBINED RISE OF M&A AND CYBER RISK CREATES STORMY SEAS FOR INVESTORS

UK organisations carrying out merger and acquisition (M&A) activities must improve pre-acquisition due diligence of software vulnerabilities By Philippe Thomas,...

News2 days ago

PPRO CLAMPS DOWN ON FINANCIAL CRIME RISKS, PARTNERING WITH AND INVESTING IN AI-DRIVEN TRANSACTION MONITORING STARTUP SENTINELS

PPRO, the leading local payments infrastructure provider, has today announced a strategic partnership and minority investment in Sentinels, Europe’s leading transaction...

Business2 days ago

EMV® IN TRANSIT: WHY AND HOW?

Taoufik Sakhi, Smart Mobility Technical Advisory Director at Fime   Today, contactless cards provide a fast and frictionless payment experience,...

News2 days ago

INSTANDA ENTERS THE MIDDLE EASTERN MARKETPLACE

INSTANDA expands global footprint by working with new client, NewTechMe  First product distributed in the Middle East  Announcement signals INSTANDA’s understanding of NewTechMe’s vision to drive digital transformation in UAE...

News2 days ago

RGU LEADS EUROPEAN INTER-REGIONAL NORTH SEA PARTNERSHIP TO HELP HOMEOWNERS IMPROVE ENERGY EFFICIENCY

NB: Image from left to right includes:   Mike Bauermeister, Kishorn Insulations, Jamal Alabid, RGU, Amar Bennadji, RGU, Richard Laing, RGU,...

News2 days ago

JUMIO APPOINTS JENNIFER N. HARRIS TO BOARD OF DIRECTORS

Addition of veteran CFO comes amid period of record growth and product expansion at Jumio   Jumio, the leading provider...

News2 days ago

WISE LAUNCHES ASSETS, YOUR WISE ACCOUNT INVESTED IN THE WORLD’S LARGEST COMPANIES

Assets offers current account flexibility, with the potential for investment returns Wise, the global technology company building the best way...

Finance3 days ago

A CHECKLIST FOR RETRENCHMENT READINESS

By Shelley van der Westhuizen, head of financial well-being strategy & applied research at Alexander Forbes   Your health may not...

News3 days ago

EQUIDUCT LAUNCHES TRADING IN EXCHANGE TRADED FUNDS FOR RETAIL INVESTORS IN EUROPE

Equiduct will offer 436 ETFs and ETPs for trading through Apex   Equiduct, the pan-European retail exchange, announced today that...

Finance5 days ago

THE IMPORTANCE OF MANAGING DATA RISK IN THE FINANCE FUNCTION 

Written by Steph Charbonneau, Senior Director of Product Strategy, Vera by HelpSystems     CFOs and financial controllers play a pivotal role in how organisations evaluate and manage...

Business5 days ago

THE DEMAND FOR BETTER B2B PAYMENTS

By Brandon Spear, CEO, TreviPay   Business-to-consumer (B2C) payments started adapting to digital processes when consumer shopping habits began shifting...

Finance5 days ago

HOW TO BUY USDT AND AVOID THE HIGH VOLATILITY OF CRYPTO

Understanding and breaking down all the different types of crypto can feel like a huge task—there are so many variations...

Trending