Jonas Andersson, Head of Standardization at Fingerprints
Data privacy is high on the global agenda. In the wake of data protection policies such as Europe’s GDPR, ensuring the integrity of personal data is an increasingly pertinent subject. This is a governmental and corporate policy reflection of the fact that our lives are moving increasingly online and, with it, our personal data is facing new and increased threats.
For all access to private data or services, we must be authenticated – this is the basis of privacy in the online world. But as PINs and passwords are increasingly viewed as insufficient to tackle this new reality, the world is looking to stronger authentication solutions, such as biometrics.
When implemented in the right way, biometrics will bring multiple benefits. It already enabled consumers to add layers of authentication to personal data previously unsecured in their owned devices – from apps and e-commerce, to our homes and devices. But its potential is phenomenal. Consumer-driven authentication via our phones and tablets is already today by far the largest application of biometrics in the world, with figures in the billions that dwarf government-led identification schemes such as India’s Aadhaar and the FBI database.
Crucially though, it’s a privacy and security measure that consumers have the power and choice to implement. And as third parties, such as financial services, healthcare and enterprise organizations, increasingly accept consumer biometrics authentication for their services, supporting the market’s continued adoption is an important and timely topic. But first, as biometrics creates its own sensitive personal data, there are a few points to clarify and discuss…
Consumers need confidence!
Undeniably, the success of existing applications of consumer biometrics is based on the advantages they offer consumers. Just look at the penetration and use of fingerprint biometrics in smartphones. But the success of future adoption will be determined by how confident consumers continue to feel in new situations. We’re frequently reminded not to use the same password or PIN multiple times, so it’s only natural consumers are beginning to feel concerned of their biometrics integrity as they start to utilize their fingerprint on multiple devices and apps: their phone, tablet, card, USB dongle…
In fact, consumer device authentication utilizes a ‘privacy by design’ approach that inherently protects end-user biometric data with an on-device authentication approach – where biometric data is enrolled, stored and managed all on the same device. The following principles have been fundamental to biometrics’ privacy protection in mobile and are what will enable new benefits for consumers in other personal device-based scenarios:
Translating images to templates
It’s a common misconception that biometric data, such as fingerprints, are stored as images. And in turn, if this image is accessed, the corresponding fingerprint is permanently compromised and unable to be restored or used securely on other applications. You’ll have heard the argument about biometrics: “I can change my password any time, but I only have ten fingerprints; what happens if they’re all hacked?”
In fact, data from a biometric sensor is captured and stored as a template in binary code – or encrypted 0s and 1s. This mathematical representation makes hacking basically pointless as, even if fraudsters could access the template, they can’t do anything with it. Template code cannot be reverse engineered into the original fingerprint image, nor can it be linked to other services and, in turn, other personal data. Moreover, this template is unique to the device it is on, making it impossible to re-use between devices, even if the same fingerprint has been enrolled!
The consumer is in control
This neatly leads on to my next point regarding storage. In consumer authentication use cases, information remains solely on the unique consumer device on which the template was created, remaining physically in control of the user.
Our recent consumer research found 38% were unwilling to share their biometric data but, with this approach, no data needs to be shared with third parties or cloud-based databases as everything is stored, and the authentication process is contained, within a single personal device.
Layers of security
Layering defense mechanisms is standard best practice for a range of security implementations – biometrics is no different. In addition to the transformation of biometric data into an irreversible template, these templates are also later encrypted and further protected by hardware and software both at rest and during the matching process.
The most successful example of a biometrics use case, the smartphone, utilizes the highly secure software isolation of Trusted Execution Environment (TEE) technology for storage and matching of biometric templates on device. The hardware on which it runs is intrinsically secured through its high degree of integration, complexity, miniaturization and specialization.
This approach is also championed by new use cases such as biometric payment cards. Here, the Secure Element (SE) – the chip technology that secures the financial data in your bank card – is utilized to store, process and match biometric information within the confines of the card. This treats biometric templates with the same security as the PIN and other financial data that is stored on our payment cards.
Removing the weakest link
Nothing is ‘un-hackable’, this is the reality of security. With enough time, money and effort, it’s possible to get into anything. A safe, a bank vault. However, attackers take the path of least resistance, and often it’s the end-user that is the ‘weakest link’ in the security chain when it comes to social engineering attacks.
End-users are vulnerable to attacks, such as phishing, where they can be tricked into giving away information such as a PIN or password. With consumer biometrics, the user only presents their biometrics to their personal device and can’t give anything away. This also removes the risks generated by mistakes or complacency, such as creating a password that’s easily guessed.
More authentication = more protection
Biometric authentication can protect a whole host of other sensitive personal data, far more quickly, conveniently and securely than was ever possible with PINs or passwords.
Today however, passwords and PINs remain the most used authentication methods outside of smartphones – something increasingly problematic. The friction created by asking users to create a new password has a significant impact on drop-out rates – especially as new ‘best practice’ guidelines recommend complex requirements such as including numbers, capitals, special characters and length. NIST’s digital identity guidelines outline the importance of usability challenges and stress, fundamentally, “positive user authentication experiences are integral to the success of an organization achieving desired business outcomes.”
6 out of 10 consumers feel they have too many PINs and passwords and worry about forgetting them. Unsurprisingly, 41% also admit to re-using the same PIN code or password across multiple sites, apps and devices. So, not only are PINs and passwords frustrating for consumers, they’re also becoming less secure.
Biometrics can be the authentication silver bullet as it combines security and a convenient UX, with leading fingerprint sensors authenticating in under a second. Its capacity to bring security to devices and processes previously either unsecured, poorly secured, or secured with a poor UX is phenomenal. Mobile is the perfect example of how it has been able to transform a device from being unsecured most of the time, to now only unlocked when in use. And now, just look at how your bank accepts your fingerprint authentication on your phone for access to your account.
With consumer biometrics, its quick and effortless to enroll onto new services and subscriptions. Consumers are happy to authenticate more frequently, because it’s so simple and the action is so intuitive. Plus, you cannot forget your fingerprint…
Consumer biometrics: on the agenda
It’s clear that biometrics is key to many organizations’ plans for privacy and security, but don’t just take our word for it. Many industry and government initiatives are moving quickly.
Europe’s GDPR highlighted biometrics as ‘sensitive personal data’ which clearly needs to be protected in the right way. Meanwhile, the benefits and integrity of consumer device biometric authentication were also recognized by Europe’s financial services directive, PSD2, citing biometrics as a trusted factor under its strong customer authentication (SCA) mandates.
Looking to industry bodies, FIDO Alliance is gaining significant traction in formalizing the quality and security of personal authentication with biometrics. Its work is complementing rising initiatives such as Self Sovereign Identity (SSI) models, whereby individuals or organizations are endeavoring to have sole ownership of digital identities and control how this personal data is shared and used. With an owned, FIDO-certified biometrics-secured device, users can add another authentication layer over stored digital identifiers.
For several years, we’ve also participated in industry body GlobalPlatform’s work to verify and standardize the quality of security protection on TEE. The biometric API extension defines security protections specifically around biometrics and is highly referenced in mobile implementations, and increasingly in new devices such as key fobs and home security devices too. With the dawn of the biometric payment card, we’re also supporting GlobalPlatform to define an SE specification for biometric cards.
The combination of government and industry engagement is setting the scene for so much more to be achieved with consumer authentication using biometrics. Undoubtedly, biometrics’ role in an increasingly data-conscious world has only just begun to take shape, and excitingly, it’s consumers who have the power at their fingertips – quite literally!
COMPETING IN A DIGITAL WORLD – SMES FIND THEIR FEET
– Stefano, Product Manager
Digital transformation is different for small and medium-sized companies. Or is it? In this article, we take a look at the current state of digital in SMEs and look ahead to see what is in store.
“Changes in business operations, and in the way customers are served, driven by digital technologies.”
That is a compact definition of digital transformation. And the digital technologies in question? They range from IoT (internet of things, or connected devices like smart sensors), to Robotic Process Automation and AI, to cloud computing.
SME rate of digitisation
Whether your business employs ten people or 10,000, the ingredients for digital transformation are the same. So how are small and medium-sized companies faring? Are they even interested in digitisation? Research1 says they are, and UK SMEs are doing better than many of their European counterparts, with high scores for adoption rates of cloud computing, Big Data and AI. To put this statement into perspective, 58% of companies have adopted cloud computing, but only 27% use some sort of AI-based technology.
Still, only 40% of SMEs report that digitisation is a top priority. An important fact, as the European SME survey 20191 shows a correlation between prioritising digitisation and investment. Those companies that say getting digital is a top priority invest more than companies that give digitisation a lower priority. The companies that prioritise digital also expected to export more than companies who see digitisation as less critical.
Naturally, as SMEs are a very heterogeneous group, there are differences in the area of digitisation as well. Some sectors are further along than others. Roughly speaking, finance & accounting firms, manufacturing companies, and the logistics sector are a step or two ahead of firms in the construction business and the legal profession2.
The big gain
So, what is it that drives digital transformation? What do SMEs stand to gain?
The short answer is a competitive edge, or even just remaining competitive (enough). Digital transformation is not an option; it is a must. The 24/7 economy demands fast service and quick supplies, and that goes for B2B markets just as much as for B2C. Digitisation enables companies to satisfy such demands.
The predictive capability of AI can reduce downtimes, for example – it will know in advance when machinery is likely to break down and can schedule preventive maintenance accordingly. Another example is increased productivity through the use of RPA or software robots. With RPA, a company can automate routine jobs like checking invoices relatively quickly and cheaply, freeing up human capital for other tasks.
The digital future
To look ahead, we also need to take a look at some constraints SMEs face with regards to digital transformation. The main issues UK firms face in this respect are around cybersecurity and the lack of skilled workers. In other countries around Europe, insufficient IT infrastructures also ranks high on the list of concerns.
Dealing with cybersecurity risks and especially ransomware attacks, is a significant worry for companies, as they are costly, difficult to prevent and have the potential to damage their reputation. Financial constraints are also a leading problem firms face when trying to skill up. Salaries for highly skilled IT talent have risen to a level that is prohibitive for many. At the same time, it is also hard for SMEs to attract and retain people, as candidates consider them as less attractive in terms of opportunities for growth.
According to Hays2, most employers say the lack of skills of existing staff prevents them from taking full advantage of the opportunities digital technologies provide. They are turning to solutions to train their employees and outsourcing work.
Nonetheless, digital transformation also provides plenty of opportunities. Look at fintech. Not what you were expecting, perhaps, but the rise of fintech has undoubtedly been advantageous for SMEs. Where SMEs have traditionally been caught in the middle between large corporations and consumers, as far as banking services were concerned, fintech is now providing smaller companies with choices that were not available before. A survey by EY3 shows that, in the UK, 18% of SMEs have adopted fintech services. These services include banking, payments and financing.
SMEs have taken essential steps, but they have some way to go as well. What lies ahead seemed brighter in January 2020 than it is now, just a few months later. Still valid for any company setting out on the digital transformation path, though, is that investing in people – skills, communication and culture – is crucial. Although the survey done by Hays found that many employees feel that ‘going digital’ is not a bad thing, the human factor does seem to be a stumbling block for many SME’s. One possible solution is for organisations to cooperate in creating training programmes and offer employees a challenging, cross-company career path.
1 KFW Going digital – the challenges facing European SMEs | European SME survey 2019
2 Hayes What workers want
3 EY Fintech is a world of choice for small and medium-sized enterprises
AI: CUSTOMER FACING EMPLOYEES’ BEST FRIEND IN THE FINANCIAL SERVICES INDUSTRY
By Ryan Lester, Senior Director, Customer Experience Technologies at LogMeIn
We’ve all heard the old saying “money talks.” Well when it comes to customer loyalty and retention, good customer experience talks much louder, with 30% of customers leaving a brand and never returning due to a bad experience.
The truth is, there are a lot of companies with similar products and services, but that doesn’t mean that differentiation is impossible. So, what’s the solution? For financial services, large and small, customer experience is becoming the key competitive differentiator and the best way to deliver an impactful experience is to empower customer-facing employees to do their best work. Artificial intelligence (AI) is enabling these employees to create remarkably better customer experiences, resulting in customer loyalty, advocacy, and overall growth.
For financial institutions that have been considering new strategies for improving the quality and efficiency of their customer experience, here are a few ways AI can enable them to deliver the “human factor” that good customer experience demands whilst ensuring customer facing employees can provide a more positive experience for customers.
Increase employee productivity
How much of employees’ time is spent searching for answers to questions? Do they ever have to put customers on hold or even step away to get additional help? AI helps provide front-line employees real-time guidance so they can spend less time looking for information and more time solving problems. An AI-powered chatbot, for example, can be listening in the background of a conversation helping point employees to the right data, solutions, and processes to resolve customer issues faster than ever before.
Deliver a consistent customer experience
When banking customers engage with their financial institutions, they measure the speed and accuracy of the service through two criteria. First, how quickly can the system access their account and deliver the correct information? Is it faster than a human could type it in and share it? And second, if they eventually do need to be connected to a live customer support agent, is their information captured and passed along accurately? AI technology takes those general queries off the customer support team’s plate, providing a quick, accurate, and effective response. If a query needs a more in-depth response, AI can hand it off to support staff to address.
Not only this but leveraging a centralised, AI-powered knowledge solution ensures every employee has access to the same, updated information, so no matter who the customer speaks to, they can be assured that employee responses are both consistent and accurate across the board.
Accelerating employee training and onboarding
Like any industry, employee turnover is inevitable and can be costly. But, not training new employees correctly or in a timely manner could be much more costly. When it comes to financial services there is a lot to learn, whether it is something simple like the process for checking an account balance to all the nuances associated with mortgage loans. AI can support on-the-job training by helping new employees answer questions confidently, correctly, and much quicker than they could before.
Improving employee satisfaction
Today’s banking customer has all kinds of new ideas about their banking experience. “The Amazon Effect” has successfully raised consumer expectations to the extent that a consistent, personal, and relevant experience is the new normal. As a customer, how many times have you been told “I’m sorry, I don’t know the answer?” Customers want solutions to their problems and employees want to be able to deliver those solutions as efficiently and effectively as possible. AI assisting in the background helps minimise those negative moments – making employees job easier, less stressful, and overall more enjoyable.
Identify knowledge gaps
Do you know all the questions employees are getting asked? Do you know what’s easily answered and what’s not? Real-time insights allow knowledge managers to keep up to date on frequently asked questions and gaps in current resources. This allows them to strategically improve or add content where needed.
Augmenting customer service
Whether talking with an AI chatbot or a personable customer service team member, the modern banking customer has high expectations for convenience, speed, and security. Which means that the technology you choose to deploy and how you deploy it is now just as important as who you hire and how you train them.
Today’s AI solutions won’t replace customer service agents or get in the way of the human factors that drive the customer experience. On the contrary, they augment it, allowing the business to do more without adding human resources. The higher the quality of a AI chatbot solution, the better it will be at taking the routine requests off the plate of customer service agents—giving them more time to provide a personalized and positive experience for customers.
2020: THE YEAR BLOCKCHAIN COMES OF AGE
– By Rob Coole, VP of Cloud Technologies at IPC Despite headlines over the years stating that blockchain will...
AI IN THE FINANCE SECTOR: WHAT’S NEXT?
By Rui Vasconcelos, Product Manager for AI/ML at Canonical – the publisher of Ubuntu The last few years have...
6 STEPS FOR BUSINESSES TO ENSURE THAT THEY ARE DATA COMPLIANT
By Alex Hazell, Acxiom UK head of legal Data compliance can be a complex – and ever changing – consideration...
INNOVATION WITHIN TIME
By Richard Hoptroff, CTO and Founder, Hoptroff The Finance Industry has always been quick to innovate, from the ATM...
COMPETING IN A DIGITAL WORLD – SMES FIND THEIR FEET
– Stefano, Product Manager Digital transformation is different for small and medium-sized companies. Or is it? In this article, we...
DATA-DRIVEN BUSINESS OPERATIONS ARE A MULTI-YEAR PLAN FOR TWO-THIRDS OF FINANCE PROFESSIONALS
Data-driven business operations are a multi-year plan for two-thirds of finance professionals (66%). Only 7% think their own organisation is...
AI: CUSTOMER FACING EMPLOYEES’ BEST FRIEND IN THE FINANCIAL SERVICES INDUSTRY
By Ryan Lester, Senior Director, Customer Experience Technologies at LogMeIn We’ve all heard the old saying “money talks.” Well...
HOW IDENTITY IS SECURELY UNLOCKING THE SME BANKING MARKET
By Mike Kiser, senior identity strategist at SailPoint Have an identification card in your wallet? With a selfie and a...
FIVE REASONS WHY YOUR BUSINESS’ PROCUREMENT TEAM SHOULD BE USING A CONTRACT MANAGEMENT SYSTEM
By Daniel Ball, business development director at Wax Digital Even in today’s digital-first environment some businesses are still storing...
EXEGER – CHANGING THE PERCEPTION OF POWER
FINASTRA GLOBAL SURVEY SHOWS APPETITE FOR OPEN BANKING PICKING UP PACE WORLDWIDE
86% of global banks surveyed are looking to use open APIs to enable Open Banking capabilities in the next 12...
STOCK MARKET ANALYSTS DISCUSS HOW TO INVEST DURING A RECESSION
Online tool looks back at how world markets recovered after the last recession in 2008 Analysts take learnings from previous...
PROTECTING YOURSELF AGAINST A RECESSION
James Turner, Director at Turner Little The coronavirus outbreak has spread to businesses, leaving many around the world counting...
LIBERTY BANK REINFORCES ITS FRAUD STRATEGY TO FURTHER PROTECT ITS CUSTOMERS
Liberty Bank, the third largest bank in the Georgia, has reinforced its fraud strategy to address the rising volume of...
COMMERCIAL FINANCE SPECIALIST IGF NAVIGATES THE LOCKDOWN
Leading independent commercial finance specialist, Independent Growth Finance (IGF), entered the lockdown after a record-breaking financial year came to an end in March. In April, it was accredited by...
COVID-19 WILL BE THE TIPPING POINT FOR DIGITAL TRANSFORMATION IN PROCUREMENT
Seven in ten organisations in the UK say the global pandemic has increased the need for procurement to digitally transform...
TRIO OF NEW REGIONAL DIRECTORS HEAD UP TIGERWIT’S GLOBAL EXPANSION
Following the release of their record revenue for the last financial year, award-winning online trading platform, TigerWit, has strengthened their...
SECURING THE EVIDENCE FOR VAT AND TAX
Filippa Jörnstedt, Senior Regulatory Counsel at Sovos Businesses are almost entirely digital in their nature. With sophisticated technology now...
TIPS TO PROTECT YOUR CASHFLOW DURING THE COVID-19 PANDEMIC
By Rita Cool, Certified Financial Planner at Alexander Forbes Financial Planning Consultants The full impact of the COVID-19 pandemic is...
RETAILERS WHO OPEN THEIR DOORS WILL NEED EXTRA HELP
With thousands of retail stores given the green light to open in the next few weeks the government needs to...