Chris Skinner's blog

Shaping the future of finance

Making banking better for the bank and the customer

Chris Skinner Author Avatar

The username and password began to appear with technologies back in the 1960s although some might say they even date back two thousand years.

Over the past half century we have also added more security systems for banking. The start of change was when we introduced a 4-digit PIN for getting cash. Funnily enough the inventor of the ATM thought this would be hard for people to remember.

The ATM made its debut at Barclays’ Enfield Town branch in north London in June 1967. Its invention is credited to British inventor John Shepherd-Barron, and was first launched with Barclays Bank back in 1967.

But the PIN wasn’t invented by Shepherd-Baron himself, but by his wife. Originally, he had suggested a 6-digit PIN, but his wife Caroline said that a 6-digit PIN was too difficult to remember, and she could only remember 4-digits. That’s why most cards today have a 4-digit PIN.

Obviously, over time, technology has developed to the stage where we are far more advanced. Or are we? In the 2020s, surely passwords and PINs are dead? The issue is that they are too easily cracked.

Today, most of the time, we are asked for a username and password. People often forget passwords or use the most basic ones, like Password1!. As a result, for many, their usernames and passwords can easily be hacked. The same with a PIN like 1234.

Therefore, it is interesting that banks introduced additional security, such as key fobs with one-time passwords (OTP) for improved authentication. Called two-factor authentication (2FA), many customers did not like such security keys as it added additional work to access their bank account, but then others appreciate it makes the bank more secure.

However, it still did not overcome the exposures to access, as criminals are pretty clever at working out ways to break into the bank as that’s where the money is.

Luckily, smartphones introduced biometric authentication using finger and, more recently, facial recognition. In addition, smartphones allowed authentication based upon location, as does the internet. You can identify where a customer is physically accessing the bank, alongside their movements. And so other layers of verification came along. Between username and password, PIN, OTP, 2FA, biometric identification and location tracking, you would think that banking would be fully secured. After all, we now have multi factor authentication based upon something you know – a PIN – something you are – biometrics – and something you have – a token.

Source: WSO2

Three factor authentication should be lock-tight and yet, even so, people still get scammed. Sometimes it is because they give away details to strangers, accidentally allow information to be shared and find they lose money. However, there is a solution that goes beyond just adding an extra layer of security…behavioural.

The aim of behavioural authentication mechanisms is to make things seamless and easy. Rather than having systems, robust as they are, that are user dependent and end up interrupting the user from their transactional flow to execute verification, the aim is to be transparent, easy and seamless. In other words DBA is not another layer of authentication, but an alternative to today's authentication mechanisms, where verifications happen in the background using data captured about the user.

Behavioural authentication has been around for a while. Some years ago, technology firms were offering banks security services based upon how the user used their keyboards! Equally, many years ago, I was talking with firms about how to look at multi-authentication techniques, and these have developed a long way since.

WSO2 talks about data-driven behavioural authentication (DBA) as a promising solution that relies on identity verification automatically performed using large amounts of customer data that's already captured through the banking process, instead of interrupting the user for multiple verifications.

How does it work?

DBA uses data captured about the customer online and compares it with historical data to verify the customer's identity, instead of asking the user for authentication information. Verification happens while the customer is digitally engaging with the bank, but as a background process so that the customer continues to consume financial services without frequent interruptions. DBA also paves the way for personalisation through the customer profile that is created for verification.

In other words, by creating a digital profile of customers through the data they share about their behaviours online and through their smartphone, a bank can authenticate without all of the overheads of the customer experience having to enter PINs, passwords and other details. Alternatively, DBA can be used as an addition to such other security methods. It is the bank’s choice.

You can read more about DBA here, and it is clear this makes banking better for both the bank and the customer.

Chris Skinner Author Avatar

Chris M Skinner

Chris Skinner is best known as an independent commentator on the financial markets through his blog,, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News. To learn more click here...

What is the future?

Learn more

Learn more about Chris

About Chris Skinner

The Past, Present And Future Of Banking, Finance And Technology

Fintech expert Chris Skinner: countries need digital transformation to remain competitive

Join me on Linkedin

Follow Me on X!

Hire Chris Skinner for dinners, workshops and more

Learn directly from from one of the most influential people in technology, gain insights from the world's most innovative companies, and build a global network.

Chris’s latest book

Chris Skinner’s ‘Digital For Good’ Book Launch Event – CFTE

Top 50 Global Thought Leaders and Influencers on FinTech 2023

Chris Skinner
Commentator, CEO of The Finanser and best-selling author at The Finanser

Thinkers360 Thought Leader

Contact Me

Global Awards

Lifetime Achievement Award

Global 100 - 2024 Winner

Chris Skinner - Financial Markets Advisor of the Year - The Finanser - UK 2023

Best Financial Markets Advisor of the Year 2023

30 Best Regtech Blogs and Websites 2023

Kids creating the future bank | TEDxAthens

Captain Cake and the Candy Crew

Captain Cake Winner of a Golden Mom’s Choice Award


Alex at the Financial Services

Gaping Void's Hugh MacLeod worked with the Finanser