Goodbye, Password. Banks Opt to Scan Fingers and Faces Instead.
Marlene Breverman stashed this in Biometrics
Secil Watson, the head of wholesale internet solutions at Wells Fargo, using an eye scanner to gain access to her Wells Fargo account. CreditJason Henry for The New York Times
Stashed in: Hackers!
Other uses of biometrics are also coming online. Wells Fargo lets some customers scan their eyes with their mobile phones to log into corporate accounts and wire millions of dollars. Citigroup can help verify 800,000 of its credit card customers by their voices. USAA, which provides insurance and banking services to members of the military and their families, identifies some of its customers through their facial contours.
Three comments that were posted:
1) Soon, hackers will steal our biometrics, and then we really will have lost our identities.
Some of us don't want to use smartphones. Are we going to have a choice?
2) One of eye ID technologies, either that described here or an iris solution is probably the future of secure identification. This article describes eye-vein ID technology but does not discuss Iris recognition, which is probably the most secure solution out there today. It's already been developed by companies like Eyelock and IrisID.
The rate of false positives on iris recognition is easily over 1 in 1 million per iris. If both iris's are scanned, that's over 1 in 1 trillion. And it is even less likely that there are two identical iris's held by anyone alive today or at any point in the history of man. (The chance of identical irises is less that 1 in 10^78 -- absurdly unlikely.)
It will be interesting to see where the large company's gravitate. Will they move towards the most secure technology available or will we struggle with the flawed system of fingerprints for the next decade as we have done in the prior decade with alphanumeric passwords.
3) The future will be in multifactor authentication. Biometrics will be only one of several factors. Device identity and rotating PINs are others. The more of these factors you combine, the less likely it is that someone can gain unauthorized access.
Nonetheless, any customer should have the option of limiting transactions, especially opening accounts or large withdrawals, to a personal visit to the bank combined with positive identification. That way, the risk is being minimized. If someone needs to first steal 2 biometric markers, a password, a device and a rotating PIN to steal a maximum of $1000 from an account, the amount of effort becomes disproportional to the reward.
That last point is key. If the effort does not merit the reward, thieves will lack motivation.