It was one of those days…
The chief financial officer’s flight was late arriving. His meeting schedule was stacking up. And he needed to get access to the company’s computer system and make sure some key vendors got paid.
He took a breath. It’s never fun trying to access the corporate bank account on the road.
It required three separate passwords (all changed every 30 days), plus an encrypted “security token” he plugged into the USB port on his laptop.
Then he remembered the new mobile security protocol.
He tapped the corporate bank app on his phone, entered one password, then raised the phone’s camera to his eye.
The device chirped; the words on the screen said: “Access granted.”
Believe it or not, banks are already baking this kind of biometric security into a growing array of their products.
The Ongoing Battle With Hackers
Wells Fargo now offers smartphone-based voice, face and eyeball biometric algorithms for its corporate clients through its “CEO” (commercial electronic office) digital banking platform.
(Let’s hope the bank doesn’t sign its business customers up for other banking services without their permission.)
OK, kidding aside, more banks are doing the same thing for their corporate and consumer financial business. Barclays, Citigroup and others have all rolled out similar biometric products as yet, another way to reduce the various kinds of cybersecurity-related fraud.
It’s one reason why biometric cybersecurity bears close watching for investment possibilities. It’s expected to be a $15 billion business in the next decade, according to Tractica, a market research firm. “There has traditionally been a demarcation between consumer and corporate enterprise cases, but this dynamic is starting,” as banks roll out these products to their customers.
Or, as one bank executive put it more succinctly: “We’ve had 15 years of passwords, and I think they’ve reached their due date.”
In some ways, biometrics are old hat by now. Smartphones have had fingerprint readers for years. So do U.S. customs officials. The military uses iris scanners to positively ID suspected Taliban in Afghanistan.
But the next step, as banks are now doing, is to use biometrics as one of the “multifactor” ways to limit the ability of hackers to steal data (or money) from a computer network.
One reason it hasn’t been much in use yet is because — well, let’s say you’re a senior executive, and you need to access your company’s most sensitive data that has some kind of voice-security protocol — but you have laryngitis. What do you do?
But newer algorithms embrace a realm called “behavioral biometrics” so that even if one factor of identification is compromised, a computer system could weigh other forms of personal biometrics to assess the user’s identity.
For instance, we all have different speeds, rhythms and finger patterns when we type away on our keyboards. We all handle our computer mouse just a little differently.
Some people press harder on the keys than others.
Behavioral biometrics exploit those personal characteristics to assess whether a user is friend or foe in the ongoing battle with hackers — and provide yet another fertile area for future cybersecurity investment.