I recently spent an enjoyable evening watching Bill Bailey in concert. One of his many anecdotes was about his experiences with Facebook. Someone had set up an account in his name and what was particularly frustrating was that the impostor ‘was leading a much more interesting life than I was’.
Joking aside, there is a far more sinister side to this. Proving one’s identity is an essential part of modern life and identity theft and fraud is a very real challenge, both for individuals and financial institutions. In the US, for example, 17.6 million people were victims of identity theft in 2014.
Of course as technology evolves there are ever more occasions when we are asked to identify ourselves, whether it is to access a building, travel, obtain information from a website, withdraw cash or make a purchase online. Sometimes it can all get a bit confusing. I don’t know about you but thinking up (and then remembering) unique and memorable passwords for sites I infrequently visit is a real challenge and I’ve lost count of the times I have had to ‘change password’ before being allowed to proceed. It gets even more confusing as we interact with our banks in many different ways, each requiring its own form of authentication from Telephone PIN to ‘memorable words’ and internet banking password. Wouldn’t it be much more convenient if I could use one method to authenticate myself across all channels after all I have one relationship with my bank and I use channels based on my convenience.
You see, this is where branch banking offers convenience beyond some of the more digital channels, I could use my ATM card and PIN or account number and photo ID to authenticate myself, failing that if the branch staff know me by face, they will find a way to help me out. In other words, there is no specific ID for branch interaction – any/multiple forms of ID will do – what’s important is my relationship with the bank. Could the same model be applied across digital channels? As these systems have evolved over time in silos this may be a mammoth task but could be the first step towards a more unified and convenient customer authentication model.
A single password may be more convenient but as Bill Bailey’s experience suggests knowledge of a password or PIN doesn’t necessarily mean I am who I say I am; it simply means I know a piece of information in common with that person. Biometric solutions have the advantage that a person’s identity can be verified by confirming a unique physical attribute or behavioural characteristic, be it voice, facial characteristics, retina or finger scanning. You then know the person is present rather than their ‘token identifiers’ and when applied across the banking channels it offers convenience surpassing what is available today. Indeed, new entrants like Atom Bank recognise this opportunity and have started with the facial and voice biometric offer. Of course it isn’t that simple to choose a solution that is appropriate for general customer use... You have to consider the issues of ‘false rejects’, ease of use and enrolment as well as general acceptability to the public. In the case of finger scanning, for example, it has been well publicised that people from certain countries and indeed of particular occupations are unable to provide a usable scan. Our own experience at Glory shows facial recognition while being a convenient form of identification is heavily dependent on light conditions and success rate vary based on skin complexion. In other instances, the technology may be felt to be too intrusive or have hygiene implications. And last but not the least data security is even more critical in the biometric world as Kespersky warned recently, in case of data loss ‘Changing passwords may be annoying, but you can’t replace your DNA’.
In these days of omni-channel banking I do find it surprising that customers still have to identify themselves in different ways dependent on which channel they use. With software enabling customers to access multiple channels via a single device perhaps it is time for banks to review the whole issue of log-ins and authentication with a view to developing a consistent, proven, easy to use solution.