by Byron Connolly

Fingerprints still too unreliable for banks

Jul 04, 2014
3 mins
Risk Management

Biometric technologies such as fingerprint scanning have not taken off in the financial services sector because they are still too unreliable, particularly as an identifier at banks’ ATM machines.

This is the view of Brian Parker, CIO at Cuscal, which provides payments infrastructure for 150 financial institutions and owns and operates the rediATM scheme, one of Australia’s largest ATM networks.

“Fingerprint technology has been around for a while [and] it’s getting better, but the error rate is still relatively high,” Parker says.

“The quality is probably enough for you to identify yourself to a phone – but would you trust it as your primary identification mechanism when you don’t know the extent of how your fingerprint is being validated by a third party? I don’t know,” he says.

Organisations must tune biometric devices to their risk appetite, he says.

“So the more critical the signature is … the more you put into the algorithms to validate it. This means that it doesn’t take much at all for your fingerprint to become unusable,” he says.

“It can be a cut or something like that and suddenly it doesn’t work. I’ve heard of people who’ve actually been working, doing some manual labour, just enough to roughen it [their fingers up] and they don’t work.”

He said smartphone manufacturers set the tolerance down quite low on their fingerprint scanners so they are only looking for small amounts of patterns on an individual’s finger.

Use of other biometrics in financial services, such as iris scanning, is still a long way away, he says.

However, organisations across multiple sectors are exploring the use of several types of biometric technologies. The Australian Passport Office last November issued a tender for new biometrics technologies.

The organisation has been using facial recognition for its passport production process since 2005.

In 2012, ANZ Bank said it was exploring using fingerprint recognition technology to replace traditional PIN codes.

Parker said there is an interesting discussion under way now about how secure a transaction has to be and how much organisations and consumers are willing to pay for a certain level of security.

“If you’re protecting the front door or the control panel of a nuclear arsenal, you probably want to spend a lot of money on security to make sure it’s top grade and nobody can get through it.

“If you are trying to protect a $100 transaction on a card, would you apply the same grade of security that you would to get into that nuclear control room?

“That’s the catch-22 that we are in. You have to make a risk-based decision on everything you do. If you are happy to trust your phone access to a biometric which you know is not particularly robust, that’s fine.”
