Identity verification is a critical problem for banks, but in today’s evolving security landscape, there are many options available to financial institutions looking to provide a biometric authentication solution for their consumers.
The problem is, many of these solutions focus more on being consumer-friendly or on the marketing needed to get users interested instead of what really matters – verifying that consumers are really who they say they are.
But Toby Rush, CEO and founder of EyeVerify, says it’s possible for banks to have the best of both worlds.
“We’re approaching this really as a payment-grade solution — whereas a lot of other biometrics are a little bit more consumer-focused or more about flash and marketing than they really are about security,” Rush explained.
EyeVerify is unique in that it authenticates online transactions using pictures of the human eyeball, or eyeprinting. The Eyeprint ID for mobile login solution takes a photo of a user’s eye from the smartphone and examines the eye-vein patterns to create a digital key instead of a complex password. According to EyeVerify, the technology is more than 99.99 percent accurate, making passwords a thing of the past.
Rush said Eyeprint ID is convenient for consumers – basically, all they need is a mobile device with at least a one-megapixel front-facing camera and their own eyes – but also has the “things under the hood” that are more attractive to banks.
So what’s under the hood?
According to Rush, the solution is able to meet the security requirements around accuracy, liveness detection or spoof detection and privacy, while also being consumer-friendly, which is where other biometric solutions on the market fall short.
“We can nail the user experience on the convenience side, but we also have the security and privacy to back it up as well,” he added.
Why The Eyes?
Rush explained that the eyes are an interesting point of authentication because they actually have an enormous amount of detail and information that can be extracted to give a really high accuracy as well as really strong liveness for authentication.
But it’s more than just iris scanning.
Eyeprinting authenticates mobile device users by providing verification using the eye veins and other micro-features in and around the eyes.
The eyes provide a source of authentication that has rich content and information but also can be convenient for users to provide via mobile because they are constantly looking at and touching their mobile devices, Rush said.
For banks, this is a win-win because they are looking to make authentication as “streamlined, natural and seamless to the user’s natural interactions as possible,” he added.
According to the company, Eyeprint ID is used by more banks than any other software biometric, including Wells Fargo, Community America and Mountain America Credit Union.
The solution is also being used on the payment platforms of Ant Financial, Alibaba’s payments unit, which acquired EyeVerify for $70 million last year. Ant Financial has more than 450 million customers and services spanning online payments, peer-to-peer lending and wealth management funds.
“Ant Financial’s vision to turn trust into wealth for small and micro enterprises as well as consumers worldwide resonates deeply with our own core mission,” Rush said when the acquisition was announced in September. “Our payment-grade biometric platform is already trusted by over three dozen banks and technology leaders, and we look forward to helping even more people across the financial spectrum access digital services with security and convenience.”
Looking Into The Mobile Biometric Future
From Rush’s perspective, more companies are beginning to focus on and see the value in biometric authentication using the face and eyes.
While he expects to see much advancement in other machine learning techniques around how you hold or move a mobile device, how you navigate the apps and even where you’re accessing a phone, those still tend to be more background or softer biometric methods.
Typically, a fingerprint or eyeprint will still be needed on the front-end to authenticate a user’s initial access.
“We’re just naturally seeing some pretty nice standardization and consolidation around the industry on the best approaches and the most natural approaches for users to authenticate and then how to interface with those platforms,” Rush noted.
These industry standards continue to evolve, but essentially originate from two sources – performance and interfaces.
Rush said that companies like Apple and Google have helped to establish a factory standard that 99.98 percent accuracy is necessary for biometrics from a performance standpoint, which is now used as a benchmark across the industry.
It’s also important to determine how applications interface with various technologies in a way that can be standardized. When it comes to biometrics in particular, groups like the FIDO (Fast IDentity Online) Alliance are working towards establishing that industry standardization.
Just last month, EyeVerify’s eye-based mobile biometric authentication technology was certified by FIDO, making Eyeprint ID compliant with the FIDO standard and interoperable with other products and services that support FIDO specifications.
But could the day come when driver’s licenses and passports are no longer the lowest common denominator for identity verification?
While it will take some time for biometric technologies to get to the same level of being accepted everywhere much like physical, government-issued IDs are today, it’s definitely something Rush sees as happening one day.
The real question is, who will play the anchor tenant role in moving that type of standard forward?
Rush said that while banks have the advantage of being highly trusted by consumers, which can help to drive the concept of biometric authentication being secure, making driver’s licenses and passports a more legacy form of identity verification will require a level of interoperability that can diffuse a biometric authentication standard across all of the various endpoints where consumers are asked to authenticate themselves.
“There’s certainly a lot of lessons to be learned as we look at what Ant Financial is doing, which is impressive just purely on a financial services side. The capabilities that they enable their consumers to have inside of their world is an interesting way of looking at creating an interoperable standard,” Rush said.