After the news of a banker’s offspring trying to blow up a flight on Christmas Eve by hiding explosive materials in his underpants, we wonder how such individuals get away with such acts. Can’t we monitor them better? Is there no way to identify the honest person from the dishonest from the outright terrorist?
This is a core issue in all aspects of modern life, and particularly in banking where it is wrapped up in our AML and KYC rules. On the one hand, we want to give customers good service which should be helped by knowing the client; on the other, we want to avoid dishonest or politically-exposed customers, which is why we have such rigorous account opening and transaction reporting standards.
But are they that rigorous?
9/11 was funded by hundreds of sub-$1,000 transactions, and a person who keeps a straight line until the day they walk across it is hard to pre-identity.
This is why we need to identify customers better in the future, and to avoid the lapses that account numbering systems expose us to. For example, we are meant to have a standard bank identification code for accounts across Europe in the form of IBAN and BIC, and yet the identifiers vary from 15 to 31 digits so there is no standard. Equally, there are no unique identifiers, in that I could have multiple accounts in multiple names or variations of a name: Chris Skinner, CM Skinner, Christopher Skinner.
This is why banks have been at the forefront of working with technologies that should help identity customers better and more easily and, today, the security services in the airports might provide answers for bankers’ dilemma’s over customer recognition and identification.
For example, for years banks have investigated biometrics as part of the solution to identity issues. Fingerprints and, more recently, iris-recognition ATMs, palmprint ATMs and facial scanners have been trialled at many banks worldwide. What these systems should deliver is instant recognition of anyone anywhere.
But we are a long way away from such solutions. For example, in my own travels, the number of times my ATM card is rejected in foreign climates on the basis of a ‘standard security check’ is becoming a common occurrence. Each time, it involves a telephone call to unlock the card, and this simple example shows just how far we are from finding viable method today of secure identification.
Sure, a telephone call seems fairly trivial in avoiding a potential fraud, but the customer inconvenience in both time and cost – a long-distance call to the bank is expensive – is intrusive and unwarranted for a world where technology has solved most other issues of convenience and access.
By way of illustration, almost a decade ago Steven Spielberg presented a vision of 21st century life in the film Minority Report, where everyone was known by the blink of their eyes.
Although the film was released in 2002, the vision of simple iris recognition is still far away from our reality – if you have tried such services at airports, you will know what I mean – but the effective and unique recognition of individuals is a key tenet of banking.
We need a unique single identifier of the individual, and something that can be easily used and presented anywhere, anytime by the individual, and fit for the second decade of the 21st century.
This does not mean a pure biometric recognition but, by adding a biometric recognition to an account at least it may overcome the clunky, chunky way we currently recognise customers through complex numbering systems and passwords that customer’s often forget.
And biometrics has become an area that is far more sophisticated than the ropey systems of a decade ago. For example, over a third of ATMs are based upon biometrics using palm vein authentication in Japan in 2008, and the number has been increasing rapidly to avoid fraud.
Or take the use of facial recognition systems in China. These were deployed extensively for the Beijing Olympics, with facial recognition chosen as the way to go because they are completely unobtrusive. These were accurate to the point of false positives or negatives only occurring on a rare occasion, with the ability to search over a million faces in under three seconds on a standard PC.
Now that’s simple.
What this shows is that banks and financial markets do have viable alternative customer recognition systems that are far more unique to the individual than an account number, password and PIN.
Using fingerprints on a mobile phone for example:
Using fingerprints on a mobile phone, palmprints at an ATM or facial recognition within branches all add an extra layer of security for a bank to uniquely identify the customer quickly and easily.
The real danger is that banks are no longer in the driving seat when it comes to customer identifiers … governments are as they impose citizen identifiers.
Citizens are increasingly expecting biometrics to be imposed upon them by governments and until banks start to work with the security services on these programs, the danger will be that they end up having to use whatever the governments give them.
And that might just be something that works well in tracking pantsbombers, but will be incredibly onerous and anti-customer for a bank user.