Following the news that HSBC is to introduce selfie authentication to business customers, IT security experts from ACI Worldwide,  Yoti and Mindtree commented below.

Lu Zurawski, Solutions Practice Lead, Consumer Payments EMEA at ACI Worldwide:

Lu Zurawski“It appears that the banking industry may be ready to branch away from rigid PINs and password challenges, with the move towards “selfie pay” the latest hook in “biometric banking”. The use of physical unique identifiers appears to be slowly catching up with the more traditional payment tokens like cards and mobiles.

These new techniques based on biometric information will certainly be easier for some consumers to use, and they could also help banks streamline their processes whilst keeping a cap on fraud.

These are interesting times; if banks are to accommodate the preferences of target customer segments, they will have to offer a wider choice of Identity Verification mechanisms, as not everyone will be comfortable with selfie photography as a natural part of the banking experience. This move away from ubiquitous, one-mechanism for all, could end up being quite confusing and potentially counter-productive if fraudsters devise new social engineering scams as a result.

There is a palpable feeling of change – perhaps in the not too distant future, customers will chose their favourite identity verification provider completely separately from their choice of credit card, bank account or alternative payments provider.”

Paco Garcia, CTO at Yoti:

Paco Garcia“Today’s announcement from HSBC affirms the idea that banks are showing more support for biometric authentication than ever before. Nationwide, for example, recently announced a move into behavioural biometrics, while Mastercard plans to introduce selfie authentication. In fact, HSBC had already announced its intent to offer voice recognition earlier this year. Selfie authentication is the next logical step, especially when anchored to a government issued document such as a passport.

“It remains to be seen how successful the implementation of these schemes will be, but most signs look positive: Mastercard, for example, claims that 92% of test subjects preferred the new biometrics systems to passwords. As consumers become accustomed to taking selfies to make a payment, the key challenge for any of the selfie authentication solutions is ensuring the right person is in front of their phone – and not using a photo or video.

“Aside from straightforward security improvement, there are other major benefits for banks adopting biometric authentication. Better fraud detection, better identity management, better audit trails, better internal controls and, as a result of all of that, more trust from consumers. And really, it’s no surprise that banking and payment processors are moving so quickly to adopt these new processes – they are under huge competitive pressure from digitally native, mobile experience focused newcomers. Consumers tend to appreciate the simplified access as a result of not having to recall passwords and usernames and, although I’m not a marketer, I imagine they will find attraction in the futuristic feel of biometric technology.”

Anil Gandharve, Associate Vice President at Mindtree:

Anil-Gandharve “The rise of biometric authentication such as selfies is testament to how the banking industry is leading the way in meeting the needs of their customers: offering secure, convenient and fast access unlike ever before. To maintain a consistent, digital user experience, retail banks must however, go beyond what the end user sees and uses to deliver a consistent experience. Strong analytics, a sound stable infrastructure and API enablement will be critical for the future and development of high-tech high street banking.”

Information Security Buzz