Striking the correct balance between the user experience we want and the security measures we need in order to avoid breaches, is a key challenge for today’s financial institutions. In practice, we usually see the scales favouring one side or another; either too much security that puts unwanted friction in the authentication space, or not enough, which provides the perfect environment for fraud. But what if there were a solution that bridged both worlds: a highly secure, compliant way to allow access to sensitive corporate or personal data?
Enter biometrics. Embraced by retail banks, the irrefutable security of biometric authentication is now finding its way into the world of the corporate treasurer. As passwords continue to be publicly flogged, the increasingly complex permutations driving us all slightly insane, biometrics are taking centre stage as the secure, unbreakable and cost-effective way to deliver impenetrable security and a frictionless experience to the end user. What started with the simple fingerprint, now inherent in many of today’s smartphones, has now developed to incorporate facial, voice and behavioral authentication, deployable across multiple operations and channels within a financial organisation. This view is backed up by analysts such as Gartner, who claim that in just two years’ time, 80% of organisations using biometrics will be using a combination of face, voice and passive behavioral modes, rather than fingerprints.
And finally, a clear driver for the adoption of this new tech is our old friend regulation. In the banking world, the launch of PSD2 is imminent, bringing with it new and stronger customer authentication requirements. In this case, biometrics provide the ‘inherence’ factor (something that a user is rather than has), so it wouldn’t be a stretch to imagine this authentication process finding its way into the transaction approvals process within today’s treasury department.
Since the inception of treasury management systems, corporate treasury departments have been controlling access and combating fraud by using checks and balances on systems access, and four-to-six-eyes authentications on sensitive transactions such as trade confirmations, payments and approvals. Great in principle, not so great when it’s a password that sits between sensitive data and breaches. Whether it’s a football team, name of a firstborn or simply the good ol’ P@55w0rd, our passwords are guessable, hackable and even shared. Fraudsters are getting ever more daring; at a recent treasury conference, I heard how a CFO was impersonated on the phone and ‘his’ demand for a high value payment “to complete a deal” was unfortunately actioned. This type of fraud has been exacerbated by the information we share on social media which gives the fraudster just enough knowledge to impersonate the person, such as knowing when and where the executive is on holiday for example.