Roll-out of biometrics-based security shows firms are listening to the customer24/02/16, London, UK
This week at Mobile World Congress 2016, MasterCard announced that it would enable customers to use their mobile devices’ camera to capture their likeness in order to authenticate their identity when making online payments. The ‘Selfie ID’ security method follows Barclays, NatWest, and more recently HSBC, which have introduced voice and/or fingerprint biometrics for payment authentication via telephone banking and mobile devices.
Some of the schemes are only in the pilot phase and available for corporate or customers under beta testing conditions. However, Keiron Dalton, a mobile security expert, suggests that it shows a move towards serious investment in the user experience:
“The trend here is driven by several external and internal factors but I think it’s important to focus on the end game. Banks are listening to the customer and how they want to do business. It’s completely about enhancing the user experience so that the customer puts in the least amount of effort for a fast, secure and easy customer experience.”
Dalton, who is Senior Director of Customer Strategy and Innovation at contact centre technology provider, Aspect Software, continued: “Yes, the Payment Services Directive now compels anyone processing online payments to ensure that two autonomous methods of authentication are used, but regulation only asks for the bare minimum and does not consider the business objectives behind letting customers pay online or by mobile. No user wants to go through the rigmarole of remembering a combination of passcodes, PINs, and hard tokens if it is disruptive to the experience. After all, mobile banking is supposed to be easier and fitting with current connected lifestyles.”
He said: “Introducing methods that are based on biometrics is inherently more secure than more traditional security processes in isolation, because no two people hold the same biometric data. Once set up for the individual, voice biometrics can be invisible to the user if they are on the phone with a self-service contact centre line anyway, therefore there is no disruption to the process yet the customer is authenticated once combined with second or third methods of identity verification. Similarly, fingerprint technology on mobile devices means users can be authenticated with just a tap. The Selfie ID gives off a very important message, in that banks understand that using a mobile camera is part of daily life for many people.”
He concluded: “Many providers are re-thinking their current online and mobile security models and not just because it is the law, but because the voice of the customer is finally being heard. We want a balance between the experience and ensuring our private data is adequately protected, and it seems we’re finally getting there.”