HSBC joins Mastercard in offering selfie verification – but is this biometric just a more risky, less secure gimmick?
Selfies – you either love them and celebrate the new form of self-expression, or loathe them, blaming the smartphone self-portrait for creating a generation of narcissists. Either way, the global phenomenon is here to stay, with banks a major driving force in how the selfie is graduating from gimmick to every-day necessity.
Today, HSBC joined the likes of MasterCard in announcing selfie verification, allowing mobile banking customers to dispense with traditional passwords thanks to facial tracking technology.
HSBC will verify a customer’s selfie through comparison with a passport or driving license picture held on record. The bank is not alone in betting on a biometric future – Barclays, Atom and Nationwide all use biometrics in order to better secure and simplify the banking process. But while HSBC’s Richard Davies hopes that the selfie will become ‘the verification method of choice” for customers, myths perpetuated by Hollywood films and a lack of information are dogging customer adoption. CBR looks at the myths surrounding the selfie and biometrics in general, with experts setting the selfie straight when it comes to authentication.
Myth 1: The Selfie Is Just a Gimmick
“Aside from straightforward security improvement, there are other major benefits for banks adopting biometric authentication.” Said Paco Garcia, CTO at Yoti.
“Better fraud detection, better identity management, better audit trails, better internal controls and, as a result of all of that, more trust from consumers. And really, it’s no surprise that banking and payment processors are moving so quickly to adopt these new processes – they are under huge competitive pressure from digitally native, mobile experience focused newcomers. Consumers tend to appreciate the simplified access as a result of not having to recall passwords and usernames and, although I’m not a marketer, I imagine they will find attraction in the futuristic feel of biometric technology.”
Myth 2: The Selfie is Risky
Chris Hill, Commercial Technology Partner at Kemp Little said: “There are of course some risk areas – how do you know for certain that the base document used as the comparator picture for the selfie is itself genuine? What if a different selfie is intercepted by hackers along with a copy of the underlying document?
"But the key point is that the transmission of this ID information over a mobile data network is actually no more risky than an in-branch meeting with presentation of physical documents: in fact, if the right verification technology is deployed against the right datasets, it might even be safer. We expect other financial institutions will follow suit – especially digital banks without a branch infrastructure.”
Myth 3: The Selfie is Less Secure
“Currently biometric identification is seen as the higher standard for verifying identity. Not only is it not prone to forgetfulness like the password; it is also more secure. What’s more, 80 per cent of consumers believe biometric authentication is more secure than traditional usernames and passwords, which often end up on Post-It notes.” Said Richard Lack, EMEA Director of Sales at Gigya.
"Critics argue wrongly that authentication using selfies is gimmicky, and somehow less secure, when in truth this is a brilliant application of well-proven facial recognition technology which has been around for decades in a way which makes it appeal to target customers, who value convenience and ease of access to their banking facilities, but refuse to compromise security."