Home / Crime / Can’t take my eyes off of you

Can’t take my eyes off of you

For a long, long, long, long, long, long time, I’ve talked about biometrics taking off in banking … and it hasn’t.

The biometrics market has picked up and tailed off in fits and starts, but there is no real mainstream biometric program out there that I’ve spotted to date.

The nearest I got was some things in Mexico with Banco Azetca’s fingerprint system in the mid-2000s, pay-by-touch which self-imploded shortly after and the Indian identity card which will give a billion people a biometric ID.

But it’s still all bunkum as no mainstream bank has rolled out a client focused biometric system that I’ve seen … until now.

At the exhibition here in Abu Dhabi I got a surprise when wandering the exhibit hall and bumping into a wee firm called Irisguard.

Now my aim here is not to advertise this firm, but just to say that they showed me their sign up and recognition system for iris scans, which are used by Dubai airports, and it seemed pretty good.

Having used iris systems before, this was far easier than any I’ve seen before and remember, iris is the most secure biometric.

So here’s their advert for banking, showing the system used in branches and ATMs …

Oh, and they are telling me they’re now also offering a simple home PC version for online transactions too.

Interesting stuff ….

 

About Chris M Skinner

Chris M Skinner

Chris Skinner is best known as an independent commentator on the financial markets through his blog, the Finanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal’s Financial News. To learn more click here…

Check Also

How Blockchain will Reshape the Financial Services Industry (Research)

Innovate Finance has been working with the Department of International Trade (DIT) on a report …

  • tonyw

    Since even random passwords can rapidly be cracked by mid-range graphics cards this would improve security and convenience.
    With my tin-foil hat on i see that iris recognition linking to Facebook provides the ultimate spying tool. Look at this youtube,
    http://youtu.be/3P9WOZql424
    remember the long range iris recognition from the film Minority Report and make a small leap of imagination and hey presto you and your friends are chipped.

  • Mario

    Is this a bank or an oculist store? Odd! Not me, man!

  • Chris,
    I hypothesise the reason biometric security hasn’t taken off yet in retail banking (especially ATMs) is that vendors are systemically unable to specify how their solutions perform in the field. When a bank’s security manager making a purchase decision gets down to brass tacks, and wants to know what the false accept rate is (i.e. incidence of successful fraud) they find there is no data.
    The problem is that almost all biometric accuracy testing is performed in the lab, and under “Zero Effort Imposter” conditions. The protocols only examine failure scenarios where no effort is made to impersonate a user; that is, they look at accidental errors but not deliberate efforts to fool the system. No less an authority than the FBI has stressed:
    “For all biometric technologies, error rates are highly dependent upon the population and application environment. The technologies do not have known error rates outside of a controlled test environment”.
    The FBI adds “When a dedicated effort is applied toward fooling biometrics systems, the resulting performance can be dramatically different”. Ref: http://www.biometriccoe.gov/SABER/index.htm.
    If I was selling a conventional ATM and I couldn’t tell a bank how it resisted criminal attack in the real world, I wouldn’t get very far.
    I have to say I am increasingly cynical about this industry. I see the intrinsic appeal of well engineered biometrics, and I would cut the vendors some slack if they were making an effort to get out of the lab and report resistance to criminal attack. But they all seem to duck the issue and fudge their error rate specs. For instance, I have been communicating for many months now with a major vendor of hand vein authentication (a technology claimed to be promising for ATMs) plus their agent, in an attempt to obtain the False Accept and False Reject Rates of their products as shipped. All they can tell me is their best case FAR and FRR — two figures that cannot be achieved simultaneously. Getting this data is like pulling teeth; they say their test results are confidential.
    Detection error tradeoffs for palm vein were published by the International Biometrics Group several years ago; see “IBG CBT-6” report from http://www.biometricgroup.com. Remember that these results are probably best case because they’re measured under Zero Effort Imposter conditions. Let’s consider performance when the False Match Rate is 1 in 10,000 because that’s what would result if a petty crim tried to guess a four digit PIN. The report shows that the False Non Match Rate at that point is between four and nine percent. I am sure that would be unworkable in a practical ATM; it would mean making the customer try again between one in 25 and one in 11 attempts.
    So the discussion a bank needs to have with their biometric vendor is an awkward one. To see reasonable customer convenience, with False Rejects less than 4%, the bank needs to know the corresponding False Accept rate, and be able to justify setting it at a level inferior to that of a four digit PIN. What’s worse, the best that the vendor will do is provide lab test results which law enforcement experts tell us cannot be reproduced in the field.
    For proper security planning, it’s simply untennable. Biometrics really are a leap into the unknown, a step that banks are clearly unwilling to make.

  • Actually, there is already a strong upsurge in banking using biometrics in client-facing applications. There are an increasing number of announcements of banks deploying biometric ATMs, for example, and this is already common in Asia.
    Nigeria and Poland I believe are two more countries that have recently announced such solutions.
    I agree there is a reluctance in developed Western nations to deploy such systems, but this more due to the banks’ concern of how such systems will be perceived by their clientele; the UK populace, for example, is ever suspicious of Big Brother, their governments and large institutions. These perception barriers are already starting to be lowered, and there is mounting evidence that public opposition, where clear benefit is realised, is eroding.
    I disagree with other comments that it is due to an ability of the technology to perform. The claim that solution providers are unable to inform clients of how the software operates is also false. I have not been involved in any large bid, especially for government solutions or law enforcement solutions, where there has not been rigorous and exhaustive testing to clearly demonstrate accuracy performance against clearly and aggressively pre-defined test parameters, in real-world environments, using customer data; I don’t expect financial customers would be any less arduous.
    Is a biometric system fallible? Yes. The question is, is it less fallible then existing precautions already in place, and does the deployment of such a system, in simple financial terms, demonstrate a clear ROI. Again, the answer is: Yes.
    I do agree that lab testing / data is insufficient, and solution providers who are unwilling / able to demonstrate predictable and repeatable accuracy SLAs in real-world environments should be treated with caution.
    Banks are now increasingly becoming aware of the value of biometric identification, of both their internal staff and their external clientele, especially in the area of high net-worth individuals and high-value transactions, and I expect we will see many exciting developments in identification solutions for this market.
    http://Allevate.com