The Deloitte Center for Financial Services expects synthetic identity fraud to generate at least a $23bn loss by 2030, prompting many banks and fintechs to develop more advanced security systems using biometric technology.
As financial services and high-value transactions increasingly move from in-person to online, so too does demand for more secure, frictionless capabilities. To optimise this, Pascal Tavernier, executive director at UBS, says artificial intelligence (AI) is the game changer and biometrics is the future.
Privacy and security
Technology and regulation lie at the heart of ensuring privacy and security, Mr Tavernier says. From a consumer perspective, he adds that more work is required from all market players to explain data privacy and how data is used, with strong regulation playing a central role. “Within the European Union, we have very strong regulations for General Data Protection Regulation (GDPR); the GDPR follows principles of lawfulness, fairness, transparency, limitations on the purpose of using the data and also minimising data breaches.”
Technology already offers strong protection against cyber security attacks through biometric hashing: the storing of biometric data in a way that is non-recoverable. Even if criminals gain access, “there’s nothing they can do with that data”, Mr Tavernier says, “because they cannot recreate the face, they cannot recreate your palm or any other of your biometric credentials”.
Liveness detection is the pivotal point, Mr Tavernier says, referring to the difference between protecting a password (something you know) compared with protecting biometric information (something you have). “You can always copy your biometrics; you can’t protect privacy in that sense. The game changer is liveness detection. It's AI technology used to detect whether you are a real person or whether you’re a deep fake, or a mask, or a replay.”
Biometrics, liveness detection and the use of AI also make it difficult to circumvent controls, Mr Tavernier adds, reducing the risk of fraud overall.
Digitalising the lifecycle of banking
Banks should reconsider the client identity lifecycle process, Mr Tavernier says, referring to lengthy processes often required when users lose information, for example details required to regain access to a bank account. It’s a “lose-lose” situation, he says. “Users get frustrated because they have to wait in a queue for a long time and then they need to answer some strange questions. That’s not trust building.
“On top of that, it's very expensive for the service provider. For a bank, that call will probably cost between SFr30–40 ($30–45),” he adds. A cheaper, self-service alternative presents a “win-win” situation which could be offered through biometric authentication and liveness detection, potentially in combination with a one-time password, Mr Tavernier says.
Demand is also driving the development of digital signatures. Signing physical contracts can be digitalised, Mr Tavernier says, which offers a cheaper, more frictionless experience. Users would instead go through a digital onboarding process by presenting an identity document and using liveness detection to digitally sign contracts.
Biometrics to lead the future
Reusable digital IDs — verifiable credentials that a person can use both online and offline to authenticate themselves — will increasingly come to the fore, says Joe Palmer, chief product and innovation officer at iProov. Such IDs may incorporate a plethora of details such as biometrics, citizenship and vaccination status.
Not only do digital IDs save time — consumers would no longer provide the same details multiple times for different service providers — but the digital replacement prevents the unnecessary oversupply of sensitive information, Mr Palmer says, pointing to better privacy preserving features. “There are two competing digital identity standards and they have a lot of promise for things like selective disclosure. So, the ability to prove one aspect, like your age, without revealing any other information.
“It also means you can go through an identity proofing process once, get verifiable credentials issued to a mobile-based wallet, and then when it comes to opening a new account, you can selectively disclose data in a cryptographically verifiable way,” he adds.
Trends towards digital identity wallets will continue to develop, with Juniper predicting digital wallet transaction values to reach $16tn by 2028. These wallets would enable identity data to be stored, encrypted and verified, to be used across apps, websites and potentially in person too. Within three to five years, digital identity wallet style apps will likely be the norm, Mr Palmer says.
We are also talking to the regulators to allow credentials from the same factor — biometrics only — because that’s the future.
Alongside this, Mr Tavernier foresees a growing trend of using biometrics only, something he is actively working towards. Currently, biometrics are used in combination with another factor — typically a knowledge factor, like a password, or a possession factor, like a mobile phone.
But biometrics only is the future, he adds, describing two-credential biometric use — like the user’s face and palm — as “far more secure and frictionless. I was pushing for a proof of concept in that area,” adds Mr Tavernier.
“We are also talking to the regulators to adjust their regulations to allow credentials from the same factor — biometrics only — because that’s the future.”
Users will also increasingly govern their own self sovereign identity, meaning credentials ownership lies with the user only, who can decide to whom it is exposed to. Again, biometrics form the essential component, and AI is the enabler, Mr Tavernier says.
But regulation is currently behind technology and work remains to convince regulators in the direction of AI as a game changer, Mr Tavernier says, predicting that the first biometric-only products will take roughly two years, with regulators catching up a few years later. As regulation adapts, so too will banking, with biometrics at the fore.
