Newspaper article International New York Times

Rise of the Scan Is Making Passwords Passe ; Frustrated by Data Theft, Banks Invest in Biometric Technology for Security

Newspaper article International New York Times

Rise of the Scan Is Making Passwords Passe ; Frustrated by Data Theft, Banks Invest in Biometric Technology for Security

Article excerpt

Frustrated by thieves stealing personal data from millions of customers, banks are investing in biometric technology to offer better security.

The banking password may be about to expire -- forever.

Some of the largest banks in the United States, acknowledging that traditional passwords are either too cumbersome or no longer secure, are increasingly using fingerprints, facial scans and other types of biometrics to safeguard accounts.

Millions of customers at Bank of America, JPMorgan Chase and Wells Fargo routinely use fingerprints to log into their bank accounts through their mobile phones. This feature, which some of the largest banks have introduced in the last few months, is enabling a huge share of American banking customers to verify their identities with biometrics. And millions more are expected to opt in as more phones incorporate fingerprint scans.

Other uses of biometrics are also coming online. Wells Fargo lets some customers scan their eyes with their mobile phones to log into corporate accounts and wire millions of dollars. Citigroup can help verify 800,000 of its credit card customers by their voices. USAA, which provides insurance and banking services to members of the military and their families, identifies some of its customers through their facial contours.

Some of the moves reflect concern that so many hundreds of millions of email addresses, phone numbers, Social Security numbers and other personal identifiers have fallen into the hands of criminals, rendering those identifiers increasingly ineffective at protecting accounts. And while thieves could eventually find ways to steal biometric data, banks are convinced that they offer more protection.

"We believe the password is dying," said Tom Shaw, vice president for enterprise financial crimes management at USAA, which is based in San Antonio. "We realized we have to get away from personal identification information because of the growing number of data breaches."

Long regarded as the stuff of science fiction, biometrics have been tested by big banks for decades, but have only recently become sufficiently accurate and cost effective to use in a big way. It has taken a great deal of trial and error: With many of the early prototypes, a facial scan could be foiled by bad lighting, and voice recognition could be scuttled by background noise or laryngitis.

Before smartphones became ubiquitous, there was an even bigger obstacle: To capture a finger image or scan an eyeball, a bank would have to pay to distribute the necessary technology to tens of millions of customers. A few tried, but their efforts were costly and short-lived.

Today, the equation has changed. Many models of the iPhone have touch pads that can scan fingerprints. The cameras and microphones on many mobile devices are so powerful that they can record the minute details needed to create a biometric ID.

The smartphones also provide an extra layer of security: Many biometric features will only work when used on the specific phone that belongs to the bank account holder.

"If you have your phone and you are authenticating with your fingerprint, it is very likely you," said Samir Nanavati, a longtime biometrics expert and a founder of Twin Mill, a security software and consulting firm.

The trade-off, of course, is that in the quest for security and convenience, customers are handing over marks of their unique physical identities. After all, it is easy to change a compromised password. But a fingerprint must last forever.

Some bank executives say customers often ask whether their biometric information will become part of a private database, akin to what the F.B.I. keeps.

The banks themselves are not keeping caches of actual fingerprints or eye patterns.

Rather, the banks are creating and storing what they call templates -- or what amount to long, hard-to-predict numerical sequences -- based on a scan of a person's fingerprint or eyeballs. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.