Retail bank NatWest turns to biometrics

If biometric authentication comes into the mainstream, security experts have warned the technology is only as good as its weakest link. “Ultimately, it will depend on what kind of fallback mechanism these systems will have. If that fallback mechanism is easier to attack and cheaper, that’s where criminals will go,” says Tom Van de Wiele, …

by | March 14, 2019 | bobsguide

If biometric authentication comes into the mainstream, security experts have warned the technology is only as good as its weakest link.

“Ultimately, it will depend on what kind of fallback mechanism these systems will have. If that fallback mechanism is easier to attack and cheaper, that’s where criminals will go,” says Tom Van de Wiele, principal security consultant at F-Secure, the financial services security company.

On March 10, NatWest announced a pilot of 200 biometric bank cards in partnership with Gemalto, the digital security company.

Biometric authentication – which Gemalto claims will increase security and convenience – will use fingerprint recognition for transactions over £30.

Fingerprint authentication relies on the storage of the relative distances between certain nerve endings in the user’s fingers. When the bank’s customer scans, the transaction is authenticated based on a predefined margin of acceptance.

However Van de Wiele believes there are still security issues.

“Any security control that is singled out will fall in space in the long run. We know how quickly we could clone someone’s fingerprints based on a latent print on a water glass, for example or bypass biometric authentication with damp toilet paper. Our record is under four hours,” he says.

“The security will depend on the enrollment process,” he adds. “How easy is it to enroll or re-enroll a finger? In other words, if I just stole your card, how easy is it to fool the bank into re-enrolling my finger onto the card. What if someone compelled you to put your finger on the card, which is easier to do than compel someone to give you their pin – maybe they’ll implement a panic finger.”

Raj Samani, fellow and chief scientist at McAfee, also highlights that central data collection will be heavily targeted by fraudsters.

“Unlike passwords you can’t change your biometrics regularly. That means that securing this data is extra important since once compromised there isn’t a way back,” said Samani, in an email.

“From a maturity point of view we have to thoroughly think about the most resilient method of securely storing biometrics and the most secure usage of biometrics for authentication. Fraudsters have a keen ability to find the weakest link,” he said.

In a recent survey, Gemalto found that 82% of consumers would embrace biometric bank cards.

Categories:

Resources

Data matching & reconciliations: not spreadsheet native

Best Practice | Banking Data matching & reconciliations: not spreadsheet native

ReconArt

Data matching & reconciliations: not spreadsheet native

Here is a summary of the top 6 reasons why commonplace spreadsheet technology can no longer meet the advancing reconciliation… Continue Reading

View resource
Reza Simchi, Graviton Global Investments Pte Ltd - ETRM systems (Best Practices)

Best Practice | Banking Reza Simchi, Graviton Global Investments Pte Ltd - ETRM systems (Best Practices)

Enuit llc

Reza Simchi, Graviton Global Investments Pte Ltd - ETRM systems (Best Practices)

This presentation was created by Reza Simchi of Graviton Global Investments Pte Ltd in September 2021 for Enuit LLC in… Continue Reading

View resource
Profile Software eNewsletter Summer 2021 edition

Banking Profile Software eNewsletter Summer 2021 edition

Profile Software

Profile Software eNewsletter Summer 2021 edition

Profile’s quarterly eNewsletter Summer 2021 edition presents the company’s recent implementations in banks like Optima bank with the new Digital… Continue Reading

View resource
Customer Experience in Banking - ViewPoint

Best Practice | Banking Customer Experience in Banking - ViewPoint

Maveric Systems Ltd

Customer Experience in Banking - ViewPoint

Onboarding a customer, familiarizing them with the bank, and retaining them is largely dependent on the bank’s ability to create… Continue Reading

View resource