Neil Bramley, B2B Client Solutions Business Unit Director, Toshiba Northern Europe

The scope for biometric security – which relies on the natural, inherent features of a person like their fingerprint, face or voice to confirm their identity – to become the standard in online and device security is becoming increasingly apparent. Such technology is already commonplace in smartphones, and its introduction to other mobile devices for added authentication is also growing rapidly with Deloitte predicting that smartphone biometrics will contribute to the acceptance of biometrics on other devices. Indeed, Technavio forecasts the mobile biometrics market to grow by more than 79 percent by 2021. This is particularly relevant at a time where people have been coached into implementing multiple long and complex passwords, which they are then told they must change regularly to avoid hacks. Forgotten passwords are a common concern: so much so that 93 percent of consumers and banking professionals already favour biometrics over passwords and PINs in consumer financial services, according to a survey by Oxford University and MasterCard.

The first line of device defence

Devices are so often the first-line of defence for financial organisations and, with the new GDPR directive coming into force in May, it has never been more important to keep sensitive online data secure. Yet beyond the financial and legal penalties of GDPR, the fallout from any data breach within the banking and finance sector is amplified by the fact that sensitive client and customer data within the industry is generally more valuable than that of other sectors. According to Ponemon Institute and IBM, the 2017 average cost of a data breach per record amounts to $245 in financial services – second only to healthcare and considerably more than the average of $141.

With research suggesting a financial company’s own employees to be inadvertently responsible for over half of all data breaches, CIOs must look to develop a security infrastructure which removes the threat from the hands of staff as much as possible. While deeper security solutions are essential in guaranteeing the protection of sensitive data at a network level, devices which boast biometric features – such as Toshiba’s X-Series range which offers both fingerprint sensors and iris recognition –  are becoming a requirement for many organisations looking to minimise the threat at device-level. Windows 10 users can also benefit from Windows Hello’s biometric options to simply and securely unlock their device via its facial or fingerprint recognition capabilities. The ability to combine these tools with passwords for two or three-factor authentication enhances protection further.

Advancing to voice and beyond

Biometrics have evolved swiftly since fingerprint sensors became a popular feature in smartphones in 2013, and this is now expanding to areas including voice recognition and full-face scanning. From a finance perspective, the banking industry is leading the way in this area. Large corporations such as HSBC are implementing voice recognition on their banking platforms in a bid to improve security, providing an easier yet more secure log-in experience for customers. While passwords and PIN codes are subject to countless dedicated hacking efforts aimed at prising open knowledge-locked information, biometric data is a trickier, less clear-cut security protocol to beat due to it being based on behavioural idiosyncrasies or unique biological data.

Elsewhere, while eye and iris scanning may well be less prominent within the industry right now, it is not without precedent and should be the next major consideration for financial organisations in the fight against cyber-crime. To this effect, it is predicted that spending on iris recognition biometrics will increase by more than 22 percent to $4.1bn by 2025. As mobile payments continue to grow in Europe, catching the continent up with its Asian and Latin American peers, iris scanning can ensure an even greater level of device authentication for customers as they transition to banking and payments via apps.

Once the technology is fully consolidated, it is evident that biometrics could likely become the automatic choice for first-level security. While not quite yet a fail-safe security tool – as security firms often seek to prove – almost two-thirds of consumers already want to be able to use a biometric scan to authorise in-store payments, according to Worldpay. This demonstrates rapid and progressive adoption of biometrics security, which in turn will drive greater development within the realm of biometric security solutions.