Banks weigh up biometrics

Posted on April 29th, 2005

Extra authentication could be needed for high-value financial transactions.

Companies could soon have to use biometric technology to authorise major financial transactions, as part of banking industry measures to tackle internet fraud and money laundering. Industry body the Association for Payment Clearing Services (Apacs) says corporate customers will be among the first to receive devices to physically confirm signatories as well as using passwords, so-called two-factor authentication. But banks dealing with high-value electronic transactions will require more advanced security, possibly via a third means of authentication such as fingerprint or retina scanning, says Tom Salmond, a consultant for Apacs’ ecommerce group.

‘If you have multiple signatories on an account it’s quite difficult to authenticate all of them, outside of giving them all different passwords,’ said Salmond. ‘So instead there’s something you have, such as a token device or chip. Then there’s something you know, such as a password or PIN. Finally, there’s something you are, such as a biometric. That kind of architecture would only be deployed for the really high-value payments.’

One insider at a UK high-street bank told Computing that his firm is set to launch an authentication system for major corporate customers next year, which is likely to include biometrics. He expects the rest of the industry to follow.

Salmond says that the industry plans to reach a decision next month on technical standards to authenticate users and check that they have permission to authorise large money transfers. Banks are also planning to tackle internal fraud by creating an industry-wide database to share information on sacked employees, following attempts by organised-crime gangs to solicit confidential data from staff. Together with the British Bankers’ Association, fraud prevention service CIFAS and the City of London Police, Apacs has set up a working group to outline requirements.

‘At the moment, staff dismissed for dishonesty can apply for another job in banking, so the problem continues,’ said a City of London Police spokesman.

By Daniel Thomas & James Watsom (Computing)