Blog

A digital security point of view for the digital business era

Mobile authentication with Camera Phone FV

5 Oct 2018

The growth in the use of biometrics in the mobile channel and the innovation towards using different biometric modalities shows no signs of slowing down.

Apple were first with their Touch ID fingerprint sensor built into the home button of several generations of iPhones and iPads with a number of other device makers following suit soon afterwards by including fingerprint scanners on their devices.

Soon after the release of Touch ID came many claims about how the security could be compromised, but generally, the technology was great in speeding up access to the device instead of typing in a passcode.   It has been a great tool in helping consumers to become comfortable with the concept and use of biometric sensors.

After capturing an audience in the region of several hundred million users who had quickly got used to the idea of a fingerprint scan to open the device and optionally to authenticate transactions,  Apple made the transition to Face ID.  In doing so they provided the same API making it transparent to all of the application developers and ensuring a smooth transition from one generation of biometric sensor to the next.

With Face ID boasting a far higher accuracy rate than Touch ID it was a no brainer for Apple to move to face recognition.

The question comes up then regarding just how popular did Touch ID become as a way to authorise transactions in the mobile channel.  With Apple Pay being well established as a payment tool, the optional use of Touch ID and then latterly Face ID instead of passcodes meant that millions of people were almost seamlessly transitioned over to the world of biometric authentication. Yes, there were a few questions and debates about safety and security but mainly users saw this as a natural evolution and for many digital natives and beyond, it has become the way to pay.

The problem now for the service providers out there is how to deploy standardised authentication tools in their Apps across the two main mobile platforms? What is needed is a simple to use tool, easy to install and set up, as secure and intuitive to use as Face ID that doesn’t require any extra hardware and that can be used by almost all smartphone users without any special knowledge or training.

So in the great Android vs. Apple debate, what about the next generation of biometric tools that can be used with ease on both platforms to authenticate any kind of transaction that ideally doesn’t compromise privacy regulations and protects against identity theft ?

Step forward Hitachi’s next generation of solution based on the award-winning finger vein authentication technology which aims to contribute to a safer and more secure society,  it can be used by any device equipped with a digital camera (smartphone, tablet, laptop etc.) to easily authenticate users by their finger vein patterns in a fast, simple transaction.

Whereas Touch ID, Face ID and the Android equivalents can do a good job of authenticating a user to a device, there is still a security gap when using this scheme to authenticate transactions.  The service provider whose App calls up the device’s authentication process will only ever know that a valid check has been made by the device.  It does not really know who has been authenticated, the “strong” part of the authentication is missing.

The goal of the service provider to “know your customer” is difficult in that any person who has managed to register themselves to the device could perform the authentication step rather than the person whose account is actually being accessed.

Hitachi’s solution addresses this by performing the authentication in conjunction with the service provider.   It means that the authentication step stays clearly in the control of the service provider and in the example of a bank, we can safely say that it is “kept within the four walls of the bank”.

For mobile banking and related transactions,  it is easy for users and straightforward to integrate with Apps and authenticates based on capturing a simple picture of the fingers.  The authentication app guides the user to take the photo of their fingers,  the vein patterns are extracted into template form and authenticated, with the whole process taking only a few seconds.

The addition of this strong authentication step means that all manner of mobile transactions can be secured quickly and safely.

With deep knowledge of cybersecurity, biometrics and banking security and having the related tools that secure many enterprises, Hitachi is able to ensure that fast and flexible user authentication can be served up in the safest and most practical way.

To speak to us about how our solutions can be part of a multi-factor program for securing the mobile channel, please contact us at Banking.Solutions@hitachi-eu.com.