Leveraging Biometric Authentication For South African ATMs
Across the globe, banks have validated the identity of their customers at the ATM with something the user has (such as a bank card) and something the user knows (typically a PIN). This approach is becoming outdated and increasingly vulnerable to identity fraud. To make matters worse, the number of digital identities seems to grow exponentially each year along with ID cards, tokens and smartphones. Validating the authenticity of the digital identity and binding it to the correct individual is now paramount. Only biometrics provides the means to securely link a digital identity to an actual person.
The banking industry has adopted new technologies to decrease fraud, including EMV cards for purchases and withdrawals and OTP tokens for home banking. Yet these technologies fail to provide the assurance that the person using the card or token is who they claim to be. Neither can answer the question: Is the person presenting the token a legitimate bank customer or a fraudster? If a biometric solution, such as a fingerprint, is used with a digital identity, such as a bank card, the bank can have a much higher level of confidence in the transaction. Furthermore, when a biometric is coupled with liveness detection to ensure that the fingerprint data is derived from a live human finger, the ability for a fraudster to use a fake biometric is removed, and concerns about the privacy of biometric information are reduced.
Here are the four most popular ways that biometric authentication is being used today at ATMs and self-service kiosks:
PIN replacement. One common approach is to use fingerprint biometrics in place of PINs in the ubiquitous card-plus-PIN transaction model. The use of a fingerprint to authenticate is generally easier for the customer than remembering a PIN and it also brings a higher level of certainty about the identity of the individual who is transacting.
The card-plus-fingerprint approach requires the customer to simply insert the card and touch a finger to the reader to conveniently complete a transaction. Widely used today in Brazil, the fingerprint solution is facilitating an estimated four billion ATM transactions annually for customers at four of the country’s top five financial institutions.
To be a successful component of transactional authentication, the biometric technology chosen must deliver the highest possible level of reliability and performance. Multispectral imaging is a biometric technology that addresses the high performance requirements by reading relevant fingerprint information from both the surface and subsurface of the finger. The extra data allows a high level of biometric matching performance — with a single touch in any environment — and virtually eliminates the fraudulent use of counterfeit fingerprints. With this technology, South African bank customers will soon be able to enjoy PIN-less processing if they wish, making bank services even more inclusive and convenient.
Provide authentication to new applications. A bank’s greatest investment is in its customers. Determining the proper identity of each individual is critical for providing a customized tailored experience. Customer assets, such as attributes that comprise their digital identity, must be protected and also be usable across various platforms. Interoperability becomes a key requirement in any solution to enable banks to purchase devices from multiple vendors, permit cross-bank usage and pave the way for many new applications and services in the future.
In South Africa, the biometric solution in banking that is used when new accounts are opened or when beneficiaries are changed must be interoperable with the Home Affairs National Identification System (HANIS) to confirm the individual’s identity. This not only curbs fraud but also provides additional cost savings through the reduction of paper consumption. And if strong authentication is required for employees in the future, the same fingerprint sensors can be used to replace passwords for network authentication.
Multi-transaction sessions. Placing a finger on a sensor takes less time than keying in a PIN. When multiple transactions are needed in a single session, fingerprint authentication provides a quick, simple and non-intrusive way to authenticate a single person multiple times.
Incorporating biometrics directly into a smart device. As banks migrate to a multi-channel strategy for their customers, new technology provides the flexibility to store a user’s biometric information on a smart device such as a smart card or smartphone. When a bank customer uses biometrics to authenticate, providing an option to match against a local credential removes the reliance on back-end connectivity, while still binding the authentication request to a unique individual.
The goal of any ATM transaction is to provide a convenient service while ensuring the identity of the individual to whom the service is being provided. Managing risk is a matter of balancing and, ideally, enhancing both security and convenience. Biometric authentication is rapidly becoming the most efficient and effective way of offering this capability with the highest level of certainty, which is why it is increasingly popular for securing ATM transactions.