Let’s say you need to log in to your bank account, withdraw cash from an ATM or transfer money to someone. How do you complete the transaction? Mostly by entering your personal identification number (PIN) or password, depending on the type of transaction. What if you don’t have to enter a PIN or password? What if you can access your online banking using a wearable device that reads your heart beat? Everyone’s heartbeat is unique. And taking advantage of this unique identity feature, Toronto-based biometric and authentication technology company, Nymi, is experimenting with wearables. Here you can wear a wristband that transmits signals and identifies you as a user allowing you to bank online account. “In the coming year, biometric and authentication solutions are going to be the big changes in the financial services space. For me, the most interesting one is heart beat monitoring. You can simply measure it by wearing a device. Right now (being) experimented in Canada, this (technology) will become prevalent as it is secure and frictionless,” said Warren Mead, partner, global co-lead-fintech, KPMG Llp.
It may be too early to experience heart beat monitoring as a way to access your banking account in India, but Indian banks are slowly gearing up to use biometric technology in banking activities. Mint Money takes a look at the evolving cyber security space in banking.
The regulatory push
Globally, financial institutions are considered as one of the most vulnerable to cyber-attacks. In India, the use of technology for financial services has grown rapidly. The Reserve Bank of India (RBI), on 2 June, directed banks to immediately frame cybersecurity policies approved by their respective boards where the policies should discuss strategy, acceptable levels of risks and appropriate approaches to combat cybersecurity threats. “The policy should focus on aspects such as setting up security operations centres for continuous surveillance and management of cyber threats and protection of customer information,” the central bank noted in its statement. Banks have been asked to send a confirmation to RBI regarding setting up such a policy, by 30 September. Banks are also required to conduct an immediate study of any major gaps in preparedness against cyberattacks, propose measures to tackle them, check effectiveness of the proposed measures and set milestones with timelines for implementing them.
Moving to biometric
According to a KPMG report, FinTech in India-A global growth story, leading private sector banks are introducing innovative technologies to make banking more secure. Since securing an account with a powerful authentication tool is one of the important steps, globally, banks are working on technologies capable of using a customer’s unique characteristics for identity authentication. “The pressing need for financial institutions to deploy biometric technologies and adopt cybersecurity solutions is evident by the fact that the global cybersecurity market invested about $75 billion in 2015, which is expected to reach $175 billion by 2020,” notes Neha Punater, partner, management consulting, KPMG, in the report.
But why are banks looking at biometric? “Digitisation in banking is leading to a significant amount of data being generated. Banks need to speedily develop a strategic framework and policy mechanism to help ensure data security as well as promote the use of biometric technologies to prepare for future cyber-attacks,” Punater notes in the report.
Currently, some Indian banks are using fingerprint recognition and voice recognition.
Fingerprint recognition: In India, the use of fingerprint identification is linked to Aadhaar. In April, DCB Bank Ltd had launched a service using which you can withdraw cash from ATMs without your card and PIN. Your Aadhaar should be linked to your bank account. To use this facility, you have to enter your Aadhaar number and authenticate it with your fingerprint to withdraw cash. DBS Bank recently also launched a mobile banking app using which you can open a bank account by authenticating your fingerprint at a biometric device. Meanwhile, HDFC Bank Ltd is working on a similar product with FingPay of Tapits Technologies Pvt. Ltd, on biometric authentication at point-of-sale terminals. With this service, you can enter your Aadhaar number and scan your finger at the merchant’s outlet to make a payment.
Voice recognition: Bigger private sector banks such as ICICI Bank Ltd and HDFC Bank are also working on using voice recognition technology to authenticate customers based on their speech patterns. Last year, ICICI Bank had launched a voice recognition service. A person’s voice is identified based on parameters such as modulation, accent, diction and intonation. At the back end, the bank takes your voice print and authenticates it. The next time you have to ‘login’, your voice sample is compared with the one in the bank’s database. The customer needs to call from her registered mobile phone so that the voice recognition system can identify her. Industry experts say that HDFC Bank is also planning to launch a similar feature in the next 4-6 months.
What fintech companies can offer to banks
Besides working with information technology companies, banks are also closely working with financial technology (fintech) companies to help curb cyber fraud. For example, CustomerXPs, a company that provides fraud management solution for banks, works with banks to protect them and their customers from fraud by giving real-time analysis. “As a customer, you can interact with a bank through multiple channels, which means that fraud can happen through multiple channels,” said Rivi Varghese, chief executive officer, CustomerXPs Software Pvt. Ltd. Say, if a transaction happens on your credit card from Greece, and just minutes before it you withdraw cash in Mumbai through an ATM, the bank should be able to link with other channels to stop or trace this transaction. “If the bank works in isolation, it will not be able to link the two (transactions). However, if the bank has a view of all your transactions, it can prevent the fraud based on your transaction behaviour,” he added.
What should you do?
Banks are using various tools to tackle cyber fraud. However, as a customer, you too need to be careful. Currently, biometric technology for identification and authentication is not as widely used as PIN and password. So, never share your password or PIN with anyone. Change your passwords frequently and never use the same password for all websites. If you use banking apps, install them only from the authorised app store. If you use Internet banking, enable anti-virus and malware protection softwares. Use virtual cards for online transactions.
“Biometric is still at a nascent stage because initially the investment on technology was huge and the error rate was high. However, technology has evolved now and banks have started using biometric,” said Amit Jaju, executive director, cyber forensics, data analytics, software licence forensics, EY.
It may be a while before banks deploy biometric technology in a big way in India. But when it happens, your transactions will become more secure. Till then, you are your own security. Follow the simple steps mentioned earlier to keep your money safe.