Cybercrime against banks and their customers is exploding, despite technology innovations such as iris scanning recognition. Compelo gets the lowdown from two fraud and biometric banking experts.
The eyes have it. From September, TSB customers will be able to do what US consumers have been doing for a while. Namely, log into their bank account just by glancing at their smartphone.
TSB is the first European bank to introduce iris scanning technology.
“It takes advantage of 266 different characteristics, compared with 40 for fingerprints,” said TSB chief information officer Carlos Abarca. As a result, all customers need are their eyes − and the latest Samsung Galaxy S8.
Wells Fargo employs a slightly different approach. The US bank’s app doesn’t scan the customer’s iris. Instead, biometric technology reads the pattern of blood vessels behind the whites of the eyes.
The app then compares the eyes in the camera image to one the customer has previously stored. If they match, the customer is free to check their bank balance, transfer money and pay bills.
Biometric banking vs cyber crime
So far, so convenient, but how secure is biometric technology?
BBC News reports that in May German hacking group Chaos Computer Club said it had fooled Samsung’s iris scanner. How? Simply by using a photo to make a dummy eye.
Cyber crime rose by 55% in 2016 compared with the previous year. Furthermore, the total value of fraud jumped past the £1 billion mark for the first time since 2011.
Two-step authentication – where customers enter a PIN into a calculator-like device that provides a dynamic passcode – has proved successful. However, cyber criminals have now changed strategy.
“What the fraudster worked out around 18–24 months ago was that they can still coerce the dynamic passcode out of the customer,” Stuart Skinner, director of fraud at Nationwide, told Future Banking.
“So what we’ve seen is them going on a fairly relentless campaign against our customer base.”
The rise of vishing
Vishing is an increasingly popular way for fraudsters to target customers.
Here, a scammer phones a customer pretending to be from their bank or building society, or law enforcement. As a result, the criminal convinces them to hand over card-reader codes.
“We now see many variations; people get messages through Twitter, Facebook and SMS, often in conjunction with each other,” Skinner says. “For example, a customer may get an SMS followed up with a call ten minutes later, just to add another layer of authenticity to the scam.”
Cash machines are, in many ways, just as basic. Positive Technologies’ Leigh-Anne Galloway told BBC News that most ATMs are effectively a Windows XP computer attached to a safe.
Unsophisticated, old-school scamming is still popular, then, but new technology is taking the fight to the cyber criminals.
‘The biggest shake-up in the field since the introduction of chip and pin in 2004’. That’s how bank cards with changing CVV codes have been described. Skinner, for one, is a fan.
“Our card and CVV numbers are being held by so many people that you only need one of those to be hacked and you have a problem,” he says. “Having a system of rotating CVV numbers so that when somebody does steal it, it doesn’t matter, is a great idea.”
Another promising breakthrough is ‘confirmation of payee’ systems designed to solve fraud and ‘fat-finger’-type cases. Namely, where customers send money to the wrong account.
Artificial intelligence
The next major biometric innovation may also come from the artificial intelligence (AI) community.
“AI holds a huge amount of promise in terms of banking access and control in the mobile space,” Chris Popple, now of Lloyds Group, told Future Banking. “Almost every major technology player has AI as part of its service; Apple’s Siri, Cortana from Microsoft, Facebook – you could even argue that Google is semi-artificially intelligent.
“With the release of iOS 9, there is a set-up function to Siri where it asks the user to say phrases and then you train the system to recognise you. I can foresee a time when banks could piggyback off of Siri, for example, taking that unique voice fingerprint and wrapping into their banking services.”
Read the full interviews with Stuart Skinner and Chris Popple in Future Banking magazine.
Did you enjoy this article on biometric banking? Read more here:
“The banking industry is ripe for change”: Fintech and the rise of challenger banks
“There are over 70 million stolen identities available online” – We spoke to INTERPOL