There's plenty of debates in the financial services market about the merit of PINs and one-time passwords as it relates to mobile security.
Much like the chip-and-PIN versus chip-and-signature debate, in the mobile user world, there's a case being made for why some banks need to stop using PINs and SMS-based approval for banking services. Pointing to the Asian banking market, Tony Chew, Citibank's global head of cybersecurity regulatory strategy, spoke at the EmTech Asia 2016 conference about this very subject.
But his comments have an implication on the future of banking and security beyond the Asian market, of course.
With all the chatter around biometric authentication for smartphones (Alibaba and MasterCard have been two companies who've pushed this idea), Chew said that when it came to investing in mobile banking apps and security features, now is the time to ensure biometrics is the standard.
That means ditching those PINs and one-time passwords that he says just don't have the proper security measures in place to verify that the user approving the transaction is actually the intended user.
Chew indicated that banks need to keep up with consumer demand, which has increasingly shown more sophisticated digital and mobile banking options. To that point, he also insisted that banks need to look outside the box and implement more creativity when implementing their next digital banking innovation.
The biggest hurdle? Getting over PINs and passwords. He noted that it was "absurd" that banks were still relying on these antiquated methods to ensure top security of digital banking products for customers. What he suggested instead was for more banks and financial companies to rely on biometrics technology, such as facial and voice recognition.
As for a few examples of this: Alibaba has made it clear that it wants to have the selfie be the new way to pay. Perhaps, the next wave of big “Pay” players might have “Smile Pay” in their names. MasterCard has shown interest in implementing technology into its mobile payment option that enables users to snap a photo with their phones at checkout. Scanning a photo, some suggest, is easier than remembering a password. Last year, JPMorgan Chase integrated Touch ID into its mobile banking app for a seamless customer login that eliminates typing in a password.
The move to establish identity based on what you have (fingerprint, retina) rather than what you know (codes and passwords) is what makes biometrics a worthy substitute for passwords. The biometrics market is expected to expand to $44 billion by 2021 globally. The demand that was driven by law enforcement, border control and governments to issue IDs is going mainstream and entering the consumer domain, where Touch IDs and facial recognition tools are already being used for logins. Pioneering these efforts is the financial services industry.
The latest data from Goode Intelligence indicated that there are at least 120 million customers using mobile biometrics on a daily basis for their financial transactions. The forecast shows there will be 16 billion mobile biometric payment transactions this year, and by 2020, the number of FinServ customers using biometrics to authenticate payments via mobile devices will skyrocket to 1.1 billion.