By Alan Goode, Managing Director, Goode Intelligence
Banks are racing ahead in deploying biometric systems in an attempt to control rising levels of financial fraud and to reduce friction on inconvenient forms of authentication and fraud management.
There are many different competing biometric modalities that banks can implement but what criteria do (or should) they use to ensure that the biometric system is appropriate.
Through Goode Intelligence, I have been involved in a number of consultancy engagements with banks and suppliers to assist them in assessing and choosing the most appropriate biometric system to meet their requirements.
Based on this experience, and engagements with a wide range of biometric and authentication technology companies, we have devised an assessment methodology that banks and systems integrators can use to ensure that the most appropriate biometric system is chosen.
The Goode Intelligence Banking Biometric System Assessment (BBSA) tool is based on four interlocking parts, biometric performance, usability, regulation and security. It is also applicable to other highly regulated industries including healthcare, government, telecommunications and utilities.
The methodology provides guidance to banks in assessing biometric systems and exactly how a bank weights the assessment criteria is dependent on their own set of circumstances such as budget, security policy, bank channel, regulatory environment and risk and privacy models.
There will obviously be other technical and non-technical assessment criteria that a bank will use including integration, scalability and support models.
Biometric Performance: The assessment of the biometric performance and accuracy of a banking biometric system includes measurement of False Reject Rates (FRR), False Acceptance Rates (FAR) and Failure to Enrol Rates (FER).
The accuracy of a banking biometric system is expressed as an Equal Error Rate (ERR). It is important to be pragmatic when assessing biometric systems using these standard biometric performance measurements as 'lab conditions' may not match those experienced by a banks' customers when they are using the technology.
It is important for a bank to ensure that they can continuously measure the performance of a live biometric system and banks must ensure that their suppliers can meet this requirement.
Usability: Today’s app-driven world means that getting usability right across a wide-range of devices is essential. What might be an appropriate biometric modality in terms of usability at an ATM might not be appropriate when a bank customer is authenticating themselves via a mobile app or via an Interactive Voice Response (IVR) solution.
A pilot or proof-of-concept (POC) provides an opportunity for banks to evaluate a biometric system and different biometric modalities. Financial institutions should build usability measurement into these pilots and POCs and to gather feedback from users in reference to how easy the biometric systems are to use. Regional differences also play an important part in the usability choices of a bank; a biometric system that is suitable for one region may be inappropriate for others.
Security: When evaluating a biometric system for banking, banks should ask whether the system is secure and able to meet internal and external (regulatory) security requirements. Biometric systems must adhere to security policy and regulation and biometric data, including templates, should be securely captured, encrypted and stored.
Regulation: Banking (industry) regulation is the fourth main component of the assessment of a biometric system for bank use. Biometric systems in banking is currently controlled by a mixture of data protection and privacy regulation, such as the EU’s Data Protection legislation, technology-based guidelines including the US’s FFIEC guidance on the use of authentication in an internet environment, and specific financial services regulation including the EU’s Payment Services Directive II (EU PSD II).
This article was originally published on Alan Goode's Blog. Republished with permission.
Goode Intelligence has published more information on its banking biometric system assessment methodology / tool in its recently published report; Biometrics for Banking; Market & Technology Analysis, Adoption Strategies and Forecasts 2015-2020.