Banks: To biometric or not to biometric?

The Asian biometrics market is set to grow at a rapid pace as countries like China, Japan, India, and South Korea lead the way in ensuring better protection. According to Inkwood Research, the market in the region is expected to grow at a compound annual growth rate (CAGR) of 20 percent up to 2026.

Banks are one of the major consumers of biometric technology. This is not just to enhance security but also increase convenience for customers, as solutions like voice biometrics can quickly and easily verify a customer’s identity.

What drives biometrics growth?

“Adoption of biometrics technology in the banking sector is fueled by several factors,” said Ken May, VP of APAC Sales for Tyco Security Solutions at Johnson Controls. “Rapid digitization of banking services, coupled with the need for stricter customer and employee identifications to prevent identify theft, has set the pace for biometrics boom in banks.”

Biometric access control systems deliver unobtrusive, personalized access control to sensitive operations, perimeters and assets. The technology is easy to manage and administer on an individual user basis and can be integrated with existing access control systems. Solutions such as biometric identification scanners and door locks eliminate the need for access control cards or keypad-passcode sharing. Other systems use fingerprint, iris, facial and other identification technologies to offer further access control evaluation at restricted areas.

Going into the specifics, Ashish Dhakan, MD and CEO of Prama Hikvision India, said biometrics had security advantages that played a vital role in the banking sector; including monitoring employee attendance and the handling of cash, employee and customer verification, prevention of real-time threats, as well as for forensic purposes.

What do the critics say?

As much as biometrics appears to be a key solution for security, experts have noted it is not a comprehensive answer to all the issues banks have to deal with.

“Skeptics have warned that overreliance on biometric technology isn’t a panacea for data security,” May said. “A biometric system comprises the capture and storage of characteristics in a database to identify an individual, and cross-references the information in the database to verify or authenticate an individual’s identity. The collection and storage of biometric data pose several security risks in itself: Does the data need to be stored at all? And who manages and owns the data and for what purpose will it be used?”

Data protection legislation is gaining ground within the Asia-Pacific region. Countries like Australia and Singapore have taken the plunge first while other nations are expected to follow suit as governments realize the urgency of data protection for their citizens. With varying degrees of digital maturity across the region, it will take time for countries to roll out their own version of the GDPR (General Data Protection Regulation) to minimize unnecessary personal data collection, which could help reduce risk and exposure in the process.

Joon Jun, President of IDIS’s Global Business Division, agreed, citing concerns over the implementation of traditional access control systems themselves.

“Implementing physical and logical access management can be complex and expensive, while onboarding and, importantly, offboarding staff and contractors is already a headache for many large businesses,” Jun said. “This becomes more burdensome when biometric data is required as a credential and raises privacy concerns for employees and more compliance pain for Asian banks operating in the EU in relation to (the) GDPR.”

Dealing with the regulations

To ensure biometric solutions do not violate regulatory mandates, some global banks have come up with certain practices. For instance, London-based Barclays Bank stores fingerprint scans on a smart sim that the customer has control over. Canada’s CIBC, which uses voice-based biometrics, assures its clients that access to the data will not help hackers reverse engineer the credentials. Banks in Asia will have to follow a similar path as they seek to make more use of this technology.