Language

11 Mar 2024in Use cases

Biometrics in Banking: Navigating Identity Verification & Customer Experience

Henry Patishman

Executive VP, Identity Verification solutions at Regula

Biometrics in banking marks a revolutionary leap towards securing and simplifying financial transactions. By analyzing unique physical traits for identity verification, this technology stands at the forefront of the industry's battle against fraud. It offers a strong defense that traditional passwords and PINs can't match.

Yet, its impact goes beyond security. As banks navigate the digital age, integrating biometric technology not only enhances security, but also redefines the customer experience. 

This article explores the topic of biometrics in banking, based on insights from a recent Regula webinar that was focused on this topic.

What is biometrics in banking?

Biometrics in banking is about verifying and identifying people based on their unique physical or behavioral traits. Despite the obvious advantages of better security and UX, the main driver of the spread of biometrics in banking is compliance with regulatory authorities. So, it has become rather a must-have than a nice-to-have feature for businesses in this industry that want to secure their market share.

Typically, biometrics in banking involves two essential technologies:

  • Processing and verifying biometric identity documents

  • Verifying facial biometrics

Let's dive into each of these areas.

Biometric identity documents

Originating from the need to standardize travel documents, the International Civil Aviation Organization (ICAO) introduced Doc 9303, a set of guidelines that outlines the technical specifications for machine-readable travel documents (MRTDs). This document laid the groundwork for the adoption of electronic machine-readable travel documents (eMRTDs), which include biometric information embedded on a chip inside the document.

Now, over 170 countries and territories issue biometric documents which contain contactless NFC chips, such as passports, ID cards, and residence permits. In this case, they are often called ePassports, biometric passports, and electronic or biometric identity cards. In the UK, for instance, a residence permit with such a chip is called a biometric residence permit.

Biometric documents are becoming more popular for remote verification than traditional ones, mainly because they are much more secure and difficult to counterfeit.

Biometric documentsTraditional documents
  • Data within an eMRTD chip can only be read & verified using NFC-enabled smartphones and specialized IDV software

  • Personal information is duplicated in different parts of the document, including the RFID chip (more opportunities for cross-checks)

  • It’s extremely difficult (if at all possible) to alter data encoded in a chip, so counterfeiters usually just disable it

     

  • Personal data is easier to alter 

     

  • Photo replacement techniques and face morphing are evolving

     

  • Fraud risks are more likely in remote onboarding scenarios

     

Face biometrics

Businesses, especially banks, increasingly use facial biometrics in their operations, proving its effectiveness in fighting identity fraud.

Unlike fingerprint and iris scans, facial recognition technology offers a less intrusive and more accessible form of verification that requires no physical contact. This convenience factor and the technology's increasing reliability make face biometrics highly appealing for online banking services, mobile banking apps, and remote customer onboarding processes.

Facial recognition technology works by analyzing the unique features of an individual's face, creating a digital representation that is then compared to a database of known faces and/or the individual’s portrait in their ID.  

Companies that adopt facial recognition systems typically pair them with liveness detection technologies. Such technologies aim to verify that the individual is a real person and physically present during the remote process. Thanks to this, you can prevent fraudsters from impersonating someone by submitting other individuals’ photos, pre-recorded videos, etc.

Leading banks are already leveraging this technology to streamline the customer experience. For example, UBS integrates biometric ID scanning and facial recognition right from the first step of onboarding new clients. This approach speeds up the process, making it more convenient for customers while maintaining high security standards.

Stay Tuned!

We'll deliver hand-picked content from Regula's experts into your inbox

Remote self-service onboarding: The main use case of biometrics in banking

Remote self-service in banking allows customers to manage their banking needs from anywhere, at any time, and without in-person interactions. In many countries, including the entire EU, regulators require a biometric identity document for self-service identity proofing of a prospective customer. 

Simply put, certain contracts, such as loans and mortgages, require a qualified electronic signature based on the highest level of identity assurance. That makes biometric identity documents essential for automating identity proofing and onboarding customers remotely 24/7.

How it works

The process of remote self-service onboarding somewhat resembles the process at the airport when you go through the e-gates. It usually unfolds in these six key steps:

  • Document scanning

  • Reading the digitally signed data from the chip

  • Know Your Customer (KYC) questions

  • Taking a video selfie

  • Performing liveness detection

  • Face comparison

Self-service onboarding process in banks

Key architectural principles for designing biometric authentication in banking

When creating secure remote banking solutions, it’s worth considering two main factors:

  • The mobile devices themselves

  • Backend processing

Zero trust model. The first foundational principle is not to trust users’ mobile devices, because they are vulnerable. They might be modified in ways that make them less secure, like being rooted or jailbroken. So, mobile devices serve mainly to gather information, while all the critical security checks and decisions happen on the backend system.

All the processing on the backend. The backend system is where all the heavy lifting happens. This includes but is not limited to validating documents, liveness detection, making sure the person's face matches their ID, and other security steps. Data must also be stored in a trusted backend environment.

Designing a service with a versatile API from the start is another important principle. It makes it easier to fit the needs of different users, and work smoothly with various mobile apps and business processes.

Key factors for conversion rate in self-service biometric authentication in banking

Three key factors influence the conversion rate of remote self-service onboarding:

#1 Intuitive user guidance. The success of the IDV process largely depends on providing users with clear instructions. Since scanning identity documents, especially with biometric features, is rare for most people, step-by-step guidance can significantly improve user experience. For example, demonstrating the correct way to hold an ID and use a mobile phone for scanning can prevent drop-offs at this step.

quote

I think the most important factor [for conversion rate success] is the user guidance. My lesson learned is that most prospects drop out during the scanning of identity documents mainly because it's not a very intuitive process.

Pascal TavernierIdentity & Access Management Architect, Executive Director, UBS

#2 Contextual help. When users encounter errors, generic error messages are not helpful. Providing context-specific animated instructions can guide them on how to correct mistakes: for example, adjust lighting conditions to avoid glare, or position the document correctly for NFC chip scanning. This tailored support minimizes frustration, and encourages users to complete the process.

quote

Provide accurate context-based help, not like “Ouch, something went wrong,” but give them a crystal clear (animated if necessary!) explanation of what exactly went wrong and how to fix that.

Pascal TavernierIdentity & Access Management Architect, Executive Director, UBS

#3 Early eligibility checks. Starting the authentication process with an eligibility check for the identity document ensures users don’t waste time on a process they cannot complete. If a document isn't eligible for self-service, users should be promptly directed to alternative verification methods, such as video calls or branch visits.

quote

Design the process to assess whether your prospects are eligible for self-service right from the beginning. Telling them, "Oh, sorry, your document is not eligible," after they've completed all the steps only leads to frustration.

Pascal TavernierIdentity & Access Management Architect, Executive Director, UBS

Pros and cons of limiting onboarding to biometric IDs only

While the advantages of biometrics in banking are clear—reducing fraud, better compliance, and cost-effectiveness—this strategy also presents challenges.

Security vs. accessibility. While biometric IDs provide a high level of security, they could also sideline potential customers who don’t have such documents, particularly in regions where biometric documentation is not widely available.

That's the case, for example, if you want to cater to customers from India. The country represents almost 18% of the world’s population, but still doesn’t yet have biometric passports for the general population. Or countries like the US, where more than half the population doesn’t have biometric documents and relies on traditional documents such as driver's licenses for identification.

Perspectives of stakeholders. Banks lean towards the enhanced security and streamlined processes biometric IDs allow, and customers enjoy the quick and convenient onboarding they enable. Yet, regulatory bodies stress the need for inclusivity, cautioning against security measures that might exclude specific groups.

This can also cause revenue losses due to the loss of potential customers who wanted to use self-service but were declined because they only had a traditional passport. This may create a negative experience and influence customer loyalty in general.

It’s clear that in most cases, there has to be a “plan B” to cater to customers with traditional documents. For example, a business might offer a video onboarding call.

Pros of limiting onboarding to biometric IDsCons of limiting onboarding to biometric IDs
  • Enhanced security

  • Streamlined onboarding process

  • Compliance with regulations

  • Improved customer experience

  • Cost savings by excluding manual checks

  • Potential revenue losses

  • Drop in customer loyalty

  • Costs and implementation challenges

     

Beyond onboarding: The reusability of biometric technology

The capability of biometric technology to digitize and streamline banking processes extends far beyond initial customer onboarding. Once users are in the system via biometric authentication, the same technology opens up plenty of options.

Re-identification and renewal

In regions like Switzerland and the broader European Union, regulations require that digital signatures and client identifications be renewed every three years. With biometric authentication already in place, banks can automate this process, eliminating the need for physical signatures or paper contracts. This streamlines operations and also enhances convenience for users.

Personal data updates

Changes in personal information, such as name or address, can be seamlessly managed through remote biometric-based identity verification processes. This automation significantly reduces the administrative burden on both the bank and its customers.

Account recovery

Biometric technology also offers an effective solution for account recovery scenarios. Should a customer need to reinstall a mobile banking app, biometric authentication facilitates a secure and straightforward process for regaining access, available around the clock.

Enhanced security for high-risk transactions

For transactions deemed high-risk, biometric technology can provide an additional layer of security through step-up authentication. This can include liveness detection and facial comparison checks, further safeguarding against fraud and unauthorized access.

Evaluation criteria for providers of identity verification & biometrics in banking

Banking is an extremely high-stakes, regulated industry, regardless of the geography, so it’s natural that there are plenty of must-have features on their evaluation criteria list. The ideal technology partner should possess a deep expertise in biometrics and document verification, a proven track record in the banking industry, and the ability to provide secure and scalable solutions.

Read more: 9-Step Guide to Choosing the Best Identity Verification Software

Here’s a breakdown of essential evaluation criteria for biometrics in banking tools across three major categories:

1. Fraud prevention features

  • Document support (comprehensive coverage of ID documents, including biometric passports and national IDs)

  • NFC-based verification with server-side re-verification

  • Document liveness checks

  • Cross-checks and authenticity control

  • Error-handling flexibility (the ability to effectively manage errors during the verification process, including customizing responses to specific error events)

  • Biometric checks (robust liveness detection to counteract deepfakes, masks, and videos, plus face match and face search)

2. CX-related features

  • User guidance (clear, intuitive user guidance with options for customization to fit the bank’s branding and workflow requirements)

  • Automatic document type detection

  • Image quality assessment and improvement (so users can complete the verification process, even in challenging conditions like poor lighting)

  • Cross-platform support

3. Implementation and integration features

  • Detailed developer documentation and customizable code samples

  • On-premises or software-as-a-service models to align with the bank’s data privacy, protection needs, and regulatory compliance

  • Adjustable size of SDK

  • Test document service (more about that below)

Challenges and considerations when testing the solution

A very important but not commonly discussed aspect of a great IDV provider is where to obtain enough document samples to test your system before rolling out into production.

If you’re in global banking or FinTech, you need to support biometric IDs from over 100 issuing countries, and you won’t be able to obtain these passports from your staff or project members. Besides, for data protection and data privacy reasons, you can’t use real passports in an engineering or a testing environment. 

Still, you need to somehow test your system to make sure it can cope with error conditions like an underage prospective customer, an expired passport, a failed signature validation, etc. 

 test biometric documents

To address this need, Regula has introduced the Regula NFC TestKit Service. The service includes a test set of identity documents featuring authentic RFID chips, each personalized with fabricated data. These documents include a visual zone and machine-readable zone (MRZ) but lack other security features. You can print and use them to evaluate your system performance.

This method closely replicates the experience of scanning real NFC chips, allowing businesses to realistically simulate document verification scenarios that might arise during remote identity verification, and ensure that any potential weaknesses are identified and addressed.

Key takeaways

  • Biometric authentication in banking improves fraud protection and streamlines onboarding, surpassing traditional security methods.

  • Typically, biometrics in banking involves two main technologies: handling biometric identity documents and verifying facial biometrics.

  • Most often, biometrics in banking is used for self-service onboarding. However, it has great potential for digitization of numerous processes, including renewals, personal data updates, account recoveries, and more. 

  • When banks build a system to enable remote onboarding, there are three critical factors: a zero-trust model towards user devices, processing all critical security checks and decisions on a secure backend system, and utilizing a versatile API from the start. 

  • Success in terms of conversion rate hinges on clear user instructions, immediate error handling, and verifying document eligibility upfront.

  • Before adopting an IDV system involving biometric ID documents, it’s important to use a reliable set of IDs with real NFC chips, such as the Regula NFC TestKit, to test-drive the verification process.
  • Choosing the right IDV partner is crucial for success.

Let's talk?

Identity verification
for your mission-critical projects

On our website, we use cookies to collect technical information. In particular, we process the IP address of your location to personalize the content of the site

Cookie Policy rules