Mobile authentication with finger vein biometrics -TEISS® : Cracking Cyber Security
10 December 2018
Biometric access management is changing and finger vein authentication moves it a step further forward.
The growth in the use of biometrics in the mobile channel and the innovative use of different methods of biometric authentication show no signs of slowing down.
Apple were first with their Touch ID fingerprint sensor built into the home button of several generations of iPhones and iPads. A number of other device makers followed suit soon afterwards by including finger print scanners on their devices.
Soon after the release of Touch ID came many claims about how the security could be compromised. But generally, the technology was great in speeding up access to the device instead of typing in a passcode. It has been an effective tool in helping consumers to become comfortable with the concept and use of biometric access control.
Apple captured an audience in the region of several hundred million users who quickly got used to the idea of a fingerprint scan to open a device and optionally to authenticate transactions. Apple then made the transition to Face ID. In doing so they provided their API, making it transparent application developers and ensuring a smooth transition from one generation of biometric sensor to the next.
Face ID boasted a far higher accuracy rate than Touch ID. So it was a no-brainer for Apple to move to face recognition.
But just how popular did Touch ID become as a way to authorise transactions in the mobile channel? With Apple Pay being well established as a payment tool, the optional use of Touch ID and then Face ID, instead of passcodes, meant that millions of people around the world were almost seamlessly transitioned of biometric authentication.
Yes, there were a few questions and debates about safety and security. But mainly users saw this as a natural evolution. And for many digital natives and others, it has become the way to pay.
Standardising authentication tools
The problem now for service providers is how to deploy standardised authentication tools in Apps across the two main mobile platforms, Apple and Android.
What is needed is a simple-to-use tool, easy to install and set up, as secure and intuitive to use as Face ID; one that doesn’t require any extra hardware; one that can be used by almost all smart phone users without any special knowledge or training.
But what about the next generation of biometric tools? They need to be capable of being used with ease on both platforms to authenticate any kind of transaction. They need to avoid compromising privacy regulations. And they need to protect against identity theft.
Step forward Hitachi’s next generation of biometric authentication solution. This is based on the award-winning finger vein authentication technology which aims to contribute to a safer and more secure society. It can be used by any device equipped with a digital camera (smart phone, tablet, laptop etc.) to easily authenticate users by their finger vein patterns in a fast, simple transaction.
Whereas Touch ID, Face ID and their Android equivalents can do a good job of authenticating a user to a device, there is still a security gap when using this scheme to authenticate transactions. The service provider whose App calls up the device’s authentication process will only ever know that a valid check has been made by the device. It does not really know who has been authenticated: the “strong” part of the authentication is missing.
The goal of the service provider to “know your customer” is difficult in that any person who has managed to register themselves to the device could perform the authentication step rather than the person whose account is actually being accessed.
Hitachi’s solution addresses this by performing the authentication in conjunction with the service provider. It means that the authentication step stays clearly in the control of the service provider. For example with a bank, we can safely say that any activity is “kept within the four walls of the bank”.
For mobile banking and related transactions, it is easy for users and straightforward to integrate with Apps and authenticates based on capturing a simple picture of the fingers. The authentication app guides the user to take the photo of their fingers, the vein patterns are extracted into template form and authenticated, with the whole process taking only a few seconds.
Process for Hitachi’s finger vein authentication technology
The addition of this strong authentication step means that all manner of mobile transactions can be secured quickly and safely.
With deep knowledge of cybersecurity, biometrics and banking security and having tools that secure many enterprises, Hitachi ensures that fast and flexible user authentication can be served up in the safest and most practical way. To discuss how Hitachi’s solutions can be part of a multi-factor program for securing the mobile channel, please contact them at [email protected].
Image under licence from iStockPhoto.com, credit andresr