What are the barriers to biometric banking in Europe?

By Jonathan Vaux, Executive Director of Innovation Partnerships • Visa Europe

September 21, 2016

A recent Visa survey clearly demonstrated how critical a role banks could potentially play in helping the roll out of biometrics. While there have been many public announcements of the adoption of biometrics for account access, there still seems a long way to go. So what needs to happen?

Regulatory Certainty

The European regulators may appear to be sending mixed messages to the financial community today. On one hand, the PSD2 and other local domestic regulatory authorities indicate a clear appetite for open banking leveraging API’s, while on the other hand offering recommendations on SCA (Secure Customer Authentication) that many fear will be “conversion killers” with their level of impact on the transaction. This apparent inconsistency only adds to the current level of uncertainty and, until there is clearer alignment around exactly what is needed we are at risk of seeing inertia or significant market differences as each market bodies draw their own, differing conclusions.

Biometrics aren’t binary

New use cases, similar to Touch ID for Apple Pay transactions, will also emerge where biometrics will complement the user experience. New voice-controlled home sound systems are a “prime” example where voice recognition will be the obvious authentication method to access an e-commerce transaction. Unlike traditional authentication, it appears unlikely there will be only one form of biometric, just use-case appropriate choice of biometric that will then feed the data score for each transaction.

Mobile is critical

Linked to the “authentication as scoring” approach, it is critical to recognise the role other technologies will play in reducing ecosystem risk. Tokenisation is already having a huge impact in reducing the risk of sensitive data being shared in the ecosystem. Evidence from the US has shown that messaging post transaction has reduced fraud significantly in the US from customer detected fraud.

As part of a wider mobile banking app strategy the bank can use the typical mobile device – which carries a number of key capabilities to scan, record, hear, locate – can be used as a key customer tool to communicate and engage with the customer. This, in turn, increases the frequency of interaction and customer data that can help build the data points that help identify and validate the customer. In many markets, the customer is still driven to go to the browser for important transactions that could as easily and safely be performed in-app. Banks need to trust the app if they’re truly going to change behaviour.

Have we met before?

One of the key concerns often raised when reviewing some of the regulatory changes is the lack of differentiation between the first transaction and the subsequent, repeat transactions. This is surprising, because it is commonplace today for online best-in-class experiences and normal for ACH payments from bank accounts. Requiring stronger authentication for the first transaction when enrolling or registering the user will enable data attributes that can then be used to validate subsequent transactions.

Differentiating between “check-in” and “check-out” has the potential to vastly improve fraud ratios and customer experiences that don’t damage key merchant ratios. As token becomes increasingly prevalent, the requirement for strong authentication before provisioning a token that can then support subsequent transactions seems a sensible way forward to meet all the stakeholder needs. Banks may wish to take an active role in validating the customer when they provision the token and then rely on more passive, risk-based authentication methods for subsequent transactions.

The role of EMV

When EMV was first launched in Europe, there was much hype around the potential usage of the chip on the plastic. Years later, the potential is still there and maybe biometrics may be a good opportunity to enhance the functionality. Visa has been adapting its specifications to incorporate biometrics into EMV and VbV 2.0 specifications but uptake of the EMV option has been very limited to date. If the banks wish to maintain their key role, they may need to accelerate utilisation of their customer plastics and evaluate usage of their PINs on devices as authentication options that reinforce their role as a trusted partner.

If not, many other organisations will be keen to leverage the inherent capabilities that exist on their mobile device. Customers are clearly keen for their banks to be actively involved and trust them more than any other institutions to protect their privacy – the key risk is that new entrants will fill the void by offering new propositions that focus so heavily on convenience that customers are unaware or choose to ignore the critical importance of ensuring the data is neutralised and protected from improper usage.

Share this post

Like this post

Related Articles

Has the time arrived for biometrics?

July 14, 2016

Recent Visa research shows that 73% of people would like to use biometrics as a form of two-factor authentication. So how are we responding to the exciting opportunities offered by biometrics?

Jonathan Vaux Read More

Why we donated to the Child Refugee Crisis Appeal

September 17, 2015

I am sure you are all very aware of the refugee crisis across Europe. Many of us have felt a strong emotional response to this, and we all want ‘something to be done’. However in the heat of the crisis it’s not always clear what practically can be done.

Nick Jones Read More

Cloud-based mobile payments gaining momentum in Poland

January 07, 2015

Leveraging Host Card Emulation (HCE) technology, nine Polish banks are bringing Visa cloud-based mobile payments to their customers. Thanks to the new solutions, the mobile payment landscape in Poland is at a turning point.

Gosia O’Shaughnessy Read More

This connected life: from phones to clones

August 31, 2016

Technology is pervading all aspects of our life, making our daily chores and interactions more convenient. Looking to the future, what technologies will enable the innovation that will lead to truly “connected lives”.

Applied futurist Tom Cheesewright explores the evolution of technology and the internet and their impact on our daily lives. He also looks at the role that tokenisation technology will play in enabling this connected future, and how it can power innovation, as well as security.

Tom Cheesewright Read More

Why European payments is a particularly great place to be

October 19, 2015

Two weeks ago I wrote about how payments is, for me, the only place to be at the moment, and I gave 6 reasons why.

Since then, I’ve been thinking about what makes Europe the most energising arena to be operating in.

Nicolas Huss Read More

Try to cater to all

September 15, 2015

At London’s recent WIRED Money event, I was the only guest speaker who wasn’t from a startup. I think that’s a tremendous endorsement of our collaborative approach to innovation, and a sign that we’re doing the right thing.

Jonathan Vaux Read More

Enterprise for all through partnership

June 30, 2015

Being entrepreneurial is not for the elite. Digital technology and the right attitude allow all of us to create value. It contributes to all our well-being – social and economic. This is no pie in the sky vision of digital evangelists but the reality seen by Visa employees volunteering in start-up challenges. We are proud to back such entrepreneur education.

Nick Jones Read More