CHAPETER - III

BIOMETRICS IN BANKING
-T HEORITICAL VIEW
Importance of Document Security in Banking

The banking industry conducts business via electronic documentation. Banks manage

customer information, financial data, and products through electronic documents. The

sensitive nature of information demands the highest level of security to prevent unauthorized

access.

Banking Imperative: Confidentiality of Data

The widespread use of electronic documents makes the security of top secret documents

critical for banking. Confidential financial and customer data require stringent user and

security protocols. When unauthorized persons gain access to sensitive data, it can dilute the

brand, result in loss of business, and erode the confidence of customers. Banks can uphold

data security by adopting a robust policy to prevent breach of security and unauthorized

access.

Financial institutions must address the data imperative: protect and prevent. Data must be

secured to protect it from unauthorized access and prevent any material or collateral damage.

It requires information to be classified under several categories based on the damage caused

by a security breach.

Traditional Security Methods and Challenges

The traditional methods of access control include knowledge-based identification systems for

document security. The security systems adopted include:

1. Passwords / PINs: The owner sets a unique personal identification number (PIN) or

password (combination of letters, numbers and special characters) to access the document

with secure information.

2. Encryption / decryption: When information is transmitted across the network, it is

encrypted before the transfer to protect information from a security breach. The receiver can

decrypt the secure information before gaining access. It involves a secret key, which is shared

between the sender and receiver. A smart combination of letters, numbers and special

characters in a password may not be easy to guess for hackers, but it is difficult for users to

remember. If the user has access to multiple documents, it is difficult to remember multiple

passwords / PINs or retain one master password.

Keystroke recording software can be installed on personal computers to capture keystrokes

and trace passwords. Moreover, a virtual keyboard is not safe in a public computer since

clicking virtual keys is comparatively slower than typing a password. Most importantly,

traditional methods are unreliable as they do not recognize users as unique individuals.

In a traditional security system, the user establishes credentials based on PINs, passwords,

decryption keys, or tokens. However, it does not prove that the user is the real owner.

The risks of traditional security systems outweigh the positives:

Advantages

No devices are required

Cost-effective
Registration / recording of users physical information is not required
Can be accessed anywhere, without the support of specific devices

Disadvantages

Users must remember passwords for every document

Owners must provide a unique password for each document to minimize the loss of

information in the event of a security breach

High possibility of being leaked, shared or distributed intentionally or accidentally
Can be easily hacked
High risk due to proliferation of unique passwords to access sensitive documents
 Access by authorized users is blocked when the password is lost or forgotten

Biometrics Security

Biometrics involves the identification of human beings by their unique characteristics or

traits. In computer science, it is used for access control based on the physical characteristics

of a person. The biometric data is used for security clearance since it does not change during

the lifetime of a person. Biometric identification technologies cover fingerprints, eyes, hands,

DNA, speech, and facial characteristics.

Biometric security is a pattern recognition system that identifies the individual by

establishing the authenticity of specific physical or behavioural attributes of a user.

Uniqueness is the primary criterion of biometric data. The system recognizes each user as a

unique individual. The system collects and stores data to verify personal identity. A biometric

security system combines biometric data systems and biometric recognition / identification

technologies. Individuals can access the biometric security system by providing their unique

characteristics or traits that are matched to a database. If the information is authenticated, the

locking system provides access to the user. The locking and capturing system activates and

records information of users who access data.

Biometrics in Banking Security

As biometric security technology has continued to develop, biometrics in banking has

emerged with many new ways of implementing biometrics into the banking world.

Banking is only one of the industries that are being profoundly affected by the advances in

this security technology.

Since banking is such a such a sensitive industry that often requires consumers to identify

themselves, biometrics security offers many excellent advantages.

 Certain forms of identification are easy to counterfeit, which has led to a rise

in identity theft today. By making use of biometrics technologies, the

banking industry can enjoy enhanced security, providing consumers with

better security that protects their money, financial information and identity.

Types of Biometric Security

Fingerprint Recognition

Fingerprint biometrics cannot be faked or altered easily. The uniqueness of

a fingerprint can be determined by the pattern of ridges and furrows on a

fingertip as well as the minutiae points.

A fingerprint sensor is an electronic device that captures a digital image of the fingerprint

pattern. The captured image is called a live scan. The live scan is digitally processed to

create a biometric template which is stored and used for matching. Uses in: - Automatic

Teller Machines (ATMs), Point of Sale (POS), e-payments, access control, branch

banking, online banking, fund transfer, checking transaction history, check cashing,

online purchases, loan origination, and debit cards.

Hand Geometry

Hand geometry identifies users by the shape of their hands. It is the first biometric to achieve

widespread computerized use.

A hand geometry system measures the physical characteristics of the fingers or the hands,

including their length, width, thickness and surface area. It compares the results of a

measurement to previous measurements stored in a file.

Since a persons hands and fingers are unique, but not as unique as other traits, such as

fingerprints or irises, this method of authentication and identification is not as robust as some
other alternatives. Unlike finger prints or irises, hand geometrics can change over time as a

result of injury, weight change, or arthritis. Uses in: - ATMs, access control

Facial Recognition

Facial recognition systems measure the structure, shape, and proportions of facial

characteristics including the eyes, nose, and mouth. They can convert a photograph or video

image into a code that describes a persons face.

The most advanced method of facial recognition is three-dimensional (3-D) facial

recognition. It uses 3-D sensors to capture information about the shape of a face and

distinctive features on the face. Unlike 2-D methods, 3-D facial recognition is not affected by

changes in lighting, and it can identify a face from a variety of angles.

End users generally prefer facial recognition to other methods because it is hands-free and

requires less effort than some other identification and authentication methods. Uses in: -

Branch banking, fraud recognition, access control

Iris and Retina Scans

The iris is the collared, ring-shaped area surrounding the

pupil. No two iris structures are alike, even in the case of

identical twins.

Iris recognition technology uses small, high-quality cameras to capture a black and white

high-resolution photograph of the iris. Once the image is captured, it is analysed, processed

into an optical "fingerprint," and translated into a digital form.

The retina is the thin neural cell tissue at the back of ones eye. Its uniqueness remains

constant throughout a persons lifetime. The blood vessels in the retina provide a unique

pattern, which is used in retina recognition technology. A retinal scan is performed by casting
an unperceived beam of low-energy infrared light into a persons eye as the user looks

through the scanners eyepiece. This beam of light traces a standardized path on the retina.

Once the scanner device captures a retinal image, specialized software compiles the unique

features of retinal blood vessels into a template. Uses in: - Branch banking, ATMs, Internet

banking, access control

Voice Recognition

The behavioural components of voice include movement, manner, and pronunciation. Voice

verification technology works by converting a spoken phrase from analog to digital format

and extracting the distractive vocal characteristics to create a speaker model or voiceprint. A

template is then generated and stored for future comparison.

Voice recognition is often used where voice is the only available biometric identifier, such as

over the telephone. Uses in: - Telephone banking, branch banking, Password/PIN resets,

high-risk transactions, and mobile banking

Vein Recognition

Vein recognition or vascular biometrics refers to identity management

solutions that authenticate based on the unique patterns made by a

users veins. Said veins can be in a users palm, in their finger. Though

the technology used in most vascular biometrics solutions is still too big to

be designed into a smartphone, the modality is carving out a niche in

finance and physical access control thanks to a special trait inherent in vein

patterns. Because vein patterns are located beneath the skin and must have blood flowing

through them to be scanned, they are virtually impossible to spoof.

Biometric Banking Technology Can Secure Transactions From Anywhere

The use of biometrics in banking is increasing because more consumers understand its

potential as a predominant method of identifying themselves to access banking services such

as branch banking, online banking, ATM networks, and mobile banking.

The sharp rise in sophisticated bank fraud and the increase in identity theft throughout

banking systems has increased demand for a more secure method to identify customers that

does not rely on something they have or something they know, but rather who they are. Plus,

a significant increase in digital, online and mobile banking services has pushed secure

customer authentication to the priority list for most banks and financial institutions.

Traditional methods for customer authentication such as passwords, PINs, and tokens are

now obsolete, easy to forge, and cant protect consumer information from being

compromised.

Biometric identification methods are automated and provide fast and accurate customer

authentication. Due to the fact that biometric systems can provide optimal identification

accuracy and security, the technology is already in use within different industries such as law

enforcement, government identity authority and border control agencies as a reliable

security tool. As a reliable security tool, biometrics in banking can eliminate loopholes of a

banking system that criminals can exploit and has the versatility to secure all financial

transactions such as branch banking, internet banking, mobile banking, and ATM networks.

Adopting biometrics for customer identification in a banking system secures transactions and

brings numerous benefits and a positive impact in this industry.

Biometrics in Branch Banking

Adopting a biometric banking system in branches can provide a convenient way for banks to

quickly and accurately authorize customer identities. When customers visit branches they can

be authenticated conveniently at the counter through fingerprint and finger vein biometric
scanners that match the customers existing biometric template within the bank database.

After successful authentication, the customer will be allowed to move forward with their

banking transactions. This will help to maintain a concrete audit trail of every transaction and

can prevent fraudulent activity.

India`s DCB Bank has introduced an Aadhaar-based ATM where a customer can initiate

transactions using their Aadhaar number and biometric details instead of a PIN.

Biometric Banking System for ATMs

Due to the fact that ATMs are automated and require customer self-authentication, biometric

technology in banking ATM networks is the most suitable technology to ensure identification

accuracy. Biometrics for customer ATM transactions are already a popular security tool in

developed countries and the adoption rate is growing significantly.

Biometric identification is automated and provides faster and more accurate identification,

therefore implementing biometrics in banking ATMs can improve the user experience and

eliminate the security loopholes of using traditional passwords and PINs to perform a

transaction.

Use of Iris Recognition technology in the Biometric ATM

Iris recognition system has proven its capability in implementing reliable biometric security

protocols in various high risk sectors like aviation, border patrol and defence. However,

lately, due to falling prices of iris scanners it has found further application in the retail

industry.

The

banking

and
financial sector has adopted this system wholeheartedly because of its robustness and the

advantages it provides in cutting costs and making processes more streamlined. The

technology started out as a novelty however due exigencies in the banking sector

characterised by decreasing profits it became a necessity. The use of Biometric ATMs based

on iris recognition technology has gone a long way in improving customer service by

providing a safe and paperless banking environment.

Iris recognition technology captures the intricate iris patterns with the help of an iris

scanning device. This data is then digitalized and stored in a database for future reference

along with some other parameters like name and address. Iris data is more reliable and

durable because the iris is covered by a protective sheath which protects it from damaged.

Due to this durability iris recognition system requires only a single enrolment. Other

technologies are subjected to wear and tear due to the nature of the work environment which

requires repeated enrolment.

Iris based biometric ATMs are more secure than conventional pin based ATMs because it

requires biometric verification which cannot be stolen, copied or faked. Pin based security

systems can be compromised leading to losses for the consumer as well as the bank. Also, the

customers find it very tedious to remember passwords and pin numbers; moreover, the task of

requesting for new set of passwords is itself fraught with endless communication to and from

the customer and the bank leading to poor customer experience.

Biometrics for Online Banking

Online banking is now very popular among consumers because it provides a convenient way

to perform transactions from anywhere using smart devices like a laptop, computer, and even

smartphones. However, these emerging online banking transactions are highly vulnerable

because identity thieves are using high-tech methods to gain access to user information such
as passwords, PINs and security questions. Even tokens are not safe to perform online

transactions! Implementing a biometric authentication system in the online banking system

will help this industry to protect customers identity and financial information by providing

stronger authentication methods like fingerprint scanning, facial recognition, and voice

recognition. Due to the fact that biometrics are unique for every individual and cannot be

easily forged, it will protect customer information from being compromised by fraudsters.

Many computers, laptops, and even smartphones already have webcams, microphones, and

fingerprint scanners, offering flexibility for banks to easily adopt biometric authentication for

online banking services.

Biometrics in Mobile Banking

Mobile banking is growing rapidly worldwide, 400 million people performed a mobile

banking transaction in 2013. Despite this large number, many bank customers still have a lack

of trust over the security of mobile banking platforms and concerns over security. Bank

transactions or customer services could be performed through a voice or speech recognition

system where customers need to verify their identity using the microphone in their phones.

Nowadays mobile support fingerprint scanner, through which customers can get access to

banking app with their fingerprint scanner.

Biometrics in credit card security

The idea is to perform real-time fingerprint verification against the fingerprint image on the

user's credit card. This would require taking initial sample of fingerprint during the time of

enrolment. The process involves obtaining the fingerprint sample on fingerprint card strips,

transforming the sample to a template using fingerprint scanners and storing the template on

credit card chips. Verification against a stored database of fingerprints was ruled out due to

the infeasibility of storing millions of fingerprints as well as the increased transaction time

that would lead to.

While using the card at a store or an ATM, the fingerprint on the card is read using a simple

card reader. A real-time fingerprint sample on a print reader is then taken and the two are

matched to determine approval or rejection for further action. The transaction process

communication that occurs among the merchant store, the acquirer (usually a bank whose

card reader is being used by the store), the credit card company and the bank to transfer

money from the bank to the store remains exactly the same.

Voice Recognition Banking System, the Future of Online Banking

With a voice recognition banking system, you will finally be able to forget passwords, card

verification numbers and PINs. Latest biometric technologies now allow you to use your

voice to log in to your bank account.

Today customers are using web or mobile banking applications to check their bank

accounts. The financial brand has conducted a research during the last 5 years and examined

the analytics data from over 100 banks, financial institutions and credit unions. They found

that over 85% of customers log in to online banking, check their accounts, spend 2-3 minutes

on the platform, and log out. Recent innovations in voice recognition banking systems

provide secure access to both information centres and accounts within seconds. In such a

system the customers voice is verified against pre-recorded and stored voiceprints, solving
the problem of forgotten passwords once and for all. Also a voice recognition banking system

brings more accessibility to blind or partially sighted people, which is a significant benefit in

itself.

Barclays introduced a voice recognition banking system in 2013 for some of its customers.

The solution reduced the authentication process by an average 20 seconds. At the same time,

it minimized identification and authentication issues on the customer support side. As a

result, customer satisfaction levels increased.

Banks will soon be able to give their customers the possibility to check accounts and make

transfers by talking into a device.

Face Recognition Attendance System

The system is developed for deploying an easy and a secure way of taking down attendance.

The software first captures an image of all the authorized persons and stores the information

into database. The system then stores the image by mapping it into a face coordinate

structure. Next time whenever the registered person enters the premises the system

recognizes the person and marks his attendance

along with the time. If the person arrives late than

his reporting time, the system speaks a warning

you are xx minutes late! Do not repeat this.

Biometrics in Indian Banking

Indias DC Bank has developed ATMs using iris recognition

that will be rolled out initially in Chennai. The Development Credit Bank has developed the

technology in tandem with India's Biomatiques Identification Solutions. Following the

Chennai deployment, the bank would subsequently roll out new ATMs at other places in

India, including Mumbai, Tamaal Roy, CEO, Biomatiques Identification Solutions, told

Business Line. The iris is one of the modalities included in the mass biometric enrolment

process underway in India to give every citizen a unique

ID (Aadhaar) number. Earlier this month, the firm was

named in a list of start-ups to benefit from a funding

strategy being established by New Delhi. Roy, 49, also

told the business magazine that his firm is also in touch

with Jaguar Land Rover (JLR), Asian Paints and Godrej

for supply of iris scanners for their various requirements. JLR is expected to launch its iris-

recognising vehicles by 2019-20.

ICICI Prudential Asset Management Company, Indias largest AMC, has launched a

biometric Know Your Customer (KYC) service across its branches.

The company has said that with Biometric KYC, a distributor should be able to facilitate

transactions for the investor immediately after fingerprint authentication.

An advisor need not stock or run around looking for application forms and multiple

signatures of the investor.

The transaction time and cost will be marginal, thereby increasing advisor productivity, said

ICICI. Meanwhile, the feature will also soon be available on the IPRUTOUCH mobile app.

The chairman of Indias telecoms regulator said that use of digital identities, biometrics and

the countrys Aadhaar ID number can cut new account activation costs to zero. TRAI

chairman R S Sharma told the Business Standard that if electronic KYC for SIMs were

conducted via Aadhaar then transaction costs are reduced substantially.

Benefits of Biometrics-Based Identification

The concept of banking the unbanked holds great promise for both financial institutions and

un-served customers. Financial institutions get access to large numbers of new customers and

the unbanked get access to financial products and services previously not afforded them. The

same holds true with the benefits of biometrics. From an institutional perspective, biometrics

allow for the creation of a trusted identity file. Fingerprints and other biometrics are truly

unique identifiers that are not subject to counterfeiting and forgery (like birth certificates and

other breeder documents). The costs of biometrics-based solutions are relatively low and

definitively lower than issuing and managing smart cards or other tokens to widespread

populations.

Protecting Banking Information Biometric technology provides the strongest

method of authentication that protects banking information from being compromised

by unauthorized personnel.

Fast and Accurate Branch Banking Biometric technology provides fast and

accurate identification for the banking industry. Customers can be quickly

authenticated in mere seconds through a fast biometric scan.

Protection Against Insider Fraud Biometric identification of employees

performing transactions on the back end is a crucial step to ensuring identity

protection and reducing fraud. Biometrics in banking will help financial institutions to

prevent insider fraud by establishing secure employee authentication, accountability

and concrete audit trail of each transaction.

Secure Online Banking Over the past years the banking sector has been suffering

from massive online service cyber-attacks. In most of these cases customers lose their

money from the negative effects of identity theft. Biometrics in banking helps the

bank to protect customer identities when using online banking services.

 ATMs with Biometrics Biometrics in banking for ATMs authentication brings

outstanding benefits to both customers and banks. This system now gives customers

flexibility to make transactions without bringing bank cards. Banks can avoid the

costs and liabilities of customer problems due to lost or stolen bank cards.

Audit Trails Banks can easily track and monitor employee and customer activity in

the system to create concrete audit trails with biometric technology solutions.

Fast, Secure and Accurate Customer Care Service The banking sector is always

in need of tighter security solutions to provide improved and more secure customer

care service over the phone and internet. A biometric voice recognition system for

example provides a secure and flexible solution to verify any customers executing

transactions outside of a brick and mortar environment.

Disadvantages

The implementation of this technology on a huge scale has to contend with some issues, the

biggest of them being that of user acceptability. To add to the common resistance to change,

there is the universally surveyed fact that among the many biometric techniques, fingerprint

is of only medium acceptability.

There is a cost to be incurred by the merchant stores, that of retrofitting fingerprint scanners

at points of sale. The main cost incurred would have to be borne by banks in the form of cost

of rolling out new card readers with fingerprint recognition, cost of rolling out new ATM

machines or attaching the fingerprint readers to the existing machines, cost of designing new

customer forms with fingerprint card strips and that of new cards. While the banks would

incur huge expenses, a cost analysis by the authors has shown that the one-time costs are less
when compared to the direct and indirect savings ensuing from reduced fraud. The system

banks heavily on customer education on security and system usage which is the first and

perhaps the most difficult hurdle to be crossed.

Fingerprints as a method of identification is not feasible if an individuals hands are

damaged due to an accident.

Individuals express concerns about eyesight due to scanning of the iris.
High cost of installation of devices for biometric security.
Survey says biometrics in banking on verge of become mainstream

April 1, 2016 -

According to a recent Mobey Forum survey, the use of biometrics in banking and payment

systems is on the verge of becoming mainstream.

The survey notes that major technological advances and economies of scale have enabled

biometrics to gain strong momentum as a secure authentication factor to verify a customers

identity in the areas of mobile banking and payment. The report argues that over the last two

decades, the technology has steadily proven its credibility in this market, attracting the strong

interest of a number of global business players.

The report states: The vast majority of banks intend to implement biometrics in the

relatively near future, just as the number of handset manufacturers planning to integrate

biometric capabilities into their devices rises.

The report also notes that current market forecasts are extremely optimistic, projecting that by

2017, there will be over one billion users accessing banking services through biometric

systems.

The report also found that historic concerns about biometrics, with regards to accuracy and

price, are no longer so pressing. Other concerns, like security, however, still are. The report

notes that for biometrics to succeed, it must be used in combination with secure technologies

for storage and processing.

According to the report, biometrics brings added value to other financial services, such as

know-your-customer (KYC), e-contracting, insurance and more. The survey results also

confirms growing positive reception of the technologies by consumers. In addition to offering

the convenience customers want for mobile security features, the coolness factor of
biometrics usage on smartphones is enabling the technology gain large user acceptance even

across a range of different age groups.