Mobile device iris scanning a banking security improvement? Industry weighs in
British bank TSB recently announced come September, its mobile banking app will allow some customers to log in via iris scanning technology. According to published reports, customers with either a Samsung Galaxy S8 or S8+ can access their accounts literally at a glance.
TSB’s iris scanning uses 266 unique characters as opposed to 40 for fingerprints.
While many in the industry hail such developments as an improvement in security, the devil’s in the details, Richard Parris said. Mr. Parris is CEO of Intercede, an identity authentication solutions provider. Customers need to be convinced biometrics are indeed more secure, and that means the banking industry needs to produce dedicated education campaign.
“Biometric authentication is not entirely immune to potential attack and therefore should not be relied on as the sole means of verifying a user,” Mr. Parris said, citing German hackers penetrating a Samsung GalaxyS8 iris scanner with the picture of the owner’s eye and a contact lens and a journalist’s fooling of HSBC’s voice recognition system as two recent examples.
[caption id="attachment_55117" align="alignleft" width="228"]Etienne Greeff[/caption]
“But what happens when your biometric security settings are hacked? You can’t change your voice, you can’t replace your eyes, you can’t reset your fingerprints. Those things are constant, permanent and contain genetic data that is unique to you. The implications of biometric security hacks can be much more severe as a result, and businesses are being forced to consider how they are protecting consumers’ genetic data through the imminent GDPR (General Data Protection Regulation) initiative.”
Because of GDPR, companies need to more focused on protecting clients’ biometric data. Mr. Greeff added.