Storing data on the device reduces risks
For the past few months hardly a week has gone by where there hasn’t been some story about a major financial institution rolling out biometrics for access to online accounts.
As soon as the first iPhone with a fingerprint scanner was introduced three-years ago I knew it would only be a matter of time before other applications would take advantage of the fingerprint scanner.
But financial institutions are also using voice and facial recognition as options too, taking advantage of all the possible options offered by mobile devices. This has since lead to a backlash from some who don’t think biometrics are the best options for security.
A New York Times Debate Room looked at the use of biometrics in banking. This against it says with all the recent data breaches banks should not risk storing more personal data. One piece asked if banks would cover plastic surgery if the biometrics were breached.
Now I can’t speak for every financial institution’s deployment of biometrics, but most know the sensitivity of this information to the point where they don’t store the biometrics and it never leaves a consumer’s mobile device.
I use Touch ID to access my Chase account. With a touch of my finger I can easily view my account balances but for anything else I have to enter my password. In this deployment Chase doesn’t store my fingerprint, the app verifies that it’s the same one used to access the device and enables me to peak into the window. To actually get in the front door I have to enter my password, which may be more likely to be breached by hackers.
Brett McDowell, executive director at the FIDO Alliance, says much of this confusion is because people think biometrics are being stored outside of their control. “There appears to be some privacy-related concern with traditional biometric systems that store sensitive biometric templates in the cloud, but I haven’t seen any backlash over the on-device storage model used in FIDO authentication,” McDowell explains. “What you are seeing is more of a learning curve as service providers figure out how to implement biometrics so consumers get the best of privacy, convenience and security.”
With the preponderance of data breaches out there it is better to keep personal information in the consumer’s hands. Storing and matching the biometric on the device is the best way to make this happen.