Interview: Unisys' Adam Oldfield on banking’s investment in biometrics
15 November 2016 16:11 GMT

By Craig Guthrie, editor

The depth and variety of biometric security implementations in the banking industry this year underline both the sector’s increasing interest in the technology, and the growing readiness by consumers to accept it.

But how close are we to full scale adoption in consumer banking? And what are the main barriers?

One major project taking shape in the UK, developed in a partnership between Behaviosec and Unisys for Nationwide bank, provides convenience and usability through its use of behavioural biometrics.

Launched in April, the app recognises unique patterns from people's natural interactions with their smartphone or tablet.

Planet Biometrics has talked Adam Oldfield, the EMEA Financial Services Sales Director at Unisys, a major player in the space, about the project and other key trends shaping banking's convergence with biometrics.

Biometrics in banking is taking off as fingerprint, voice and iris are deployed on smartphones and in branches and ATMs, but what do you see as challenges to future adoption?

Not every biometric solution will be right for every vendor, two of the most pressing challenges to the future adoption of biometrics in banking are; consumer trust and legacy systems. From a consumer point of view the key concerns are ease of use and how much they trust the technology. Take voice recognition for example. In the very early days users often had to repeat themselves several times before they could be authenticated, affecting the end user experience. From a vendor point of view, disparate systems and legacy systems can make implementation difficult, and depending on your IT decision making process this can arguably be the hardest part of adoption. No one size fits all, and deployment use choice by consumers will depend greatly on how vendors use it. Financial institutions may need to consider deploying more than one option in order to give customers the choice.

What is your take on the future of mobile payments – as in do you expect cards to emerge with sensors or will smartphones take over for payments?

Contactless recently took over cash for the first time, and I can clearly see a day that mobile payments over take everything else. This isn’t a 2020 or 2025 prediction, it’s happening right now. Biometric security is certainly fuelling trust and adoption of mobile payments, so it’s not so much a question of whether this will happen but when. I think the biggest challenge to adoption is consumer behaviour. For example, I believe that cash could even disappear before cheques. I personally very rarely carry cash unless I know I’m going to need it because I have my smartphone, wearables and contactless cards. Cheques will be more difficult to phase out because of consumer behaviour, they are still written out as a secure way to pay bills, give a loved one money in a card, or if you don’t know someone’s bank details, an easy way to send them money.

Can you go over the part Unisys played in the Nationwide solution? Why are behavioural biometrics such a powerful proposition for banks?

In support of Nationwide’s new biometric banking initiative, we partnered with BehavioSec to develop a prototype mobile app which assess how behavioural biometric technology can be used to identify mobile banking customers more securely, help prevent fraud, and improve the user experience in the future. Behavioural biometrics provide an additional level of security based on the natural interaction consumers have with their smartphones or tablets, almost like a secret layer of security, allowing financial institutions to provide a frictionless customer experience and more secure service without asking customers to remember or input any additional information. This not only simplifies and improves the user experience, but also offers the security needed to provide both Nationwide and its customers with peace of mind.

In terms of regulation and privacy of biometric data, is everything progressing as it should – or does there need to be more emphasis on privacy by design?

Under the GDPR organisations will of course need to be increasingly stringent when it comes to data privacy, but the industries understanding of how best to be compliant is still evolving. An interesting area to consider for the storage of biometric data is how consumers will consent for this information to be collated. How will businesses define what biometric data is, for example does this include an individual’s behavioural footprint? This kind of information is just starting to become mainstream, and leaders in the industry will be looked to set the standards for best practice. Regardless of the source, all data should be stored and managed with the utmost care, any negligence will result in not only a financial loss, but arguably more important, loss of trust by the consumer. 

In your ideal future of digital identities, would biometric data be stored alongside biographic data in a secure database? If not what is your ideal model?

From a vendor perspective, I would recommend the best solution is to separate this information given its extremely sensitive nature. Technological solutions such as Micro-segmentation can protect a network by breaking it into smaller “chunks”, down to the packet level, creating multiple, unique, closed user groups. I would suggest that biometric and biographic data should be stored in alternate secure enclaves under such as solution, improving the security and reducing the accessibility of that data.