HSBC banks on biometrics with new voice and touch services

At a time where the threat from hackers has never been higher, biometric authentication is increasingly being used as a means of security due to the added protection it provides.

To illustrate this growing trend, HSBC has announced that it is taking a step closer to biometric banking in the UK by launching voice recognition and touch security services for its internet banking customers.

According to the bank, the new services will be available to up to 15 million customers, who will no longer have to go to the trouble of remembering passwords and answers to random security questions. As the sheer number of passwords that have to remembered these days is one of the main issues for consumers, this is certainly a positive step forward.

Francesca McDonagh, HSBC UK's head of retail banking and wealth management, said: "The launch of voice and touch ID makes it even quicker and easier for customers to access their bank account, using the most secure form of password technology - the body" and described the move as "the largest planned rollout of voice biometric security technology in the UK."

To make use of voice recognition - which will be supplied by Nuance Communications - customers will have to enrol their specific "voice print." When users then try to log in, this sample will be cross-checked against over 100 unique identifiers such as speed, cadence and pronunciation.

Industry reaction

Anthony Duffy, Director of Retail Banking in UK & Ireland at Fujitsu:

“HSBC’s decision to roll-out voice recognition and touch security systems is to be welcomed. Biometric-based security systems are highly accurate, cost-effective and scalable. They deepen and strengthen bank defences by providing an unequivocal link to an individual, event or transaction while being very hard to forge.

“British banks are now looking at biometric solutions with new eyes. The emergence of mobile phones which are locked and unlocked using a fingerprint has made this easy-to-use technology familiar to a new mass market. And with the media regularly reporting stories concerning security breaches at financial institutions, banks recognise that maintaining customer confidence in their industry, systems and products is more important than ever. Thus, banks are looking to additional forms of protection that customers can clearly see meet their security needs.

“Deployment of biometric technologies in Britain banking is still in its infancy, but will become commonplace. Customers will become increasingly familiar with it as it enters other parts of their lives. Already, biometric technologies are commonplace in mobile phones and are increasingly appearing in workplaces, particularly in controlling access to secure locations and in enabling use of technology such as laptops, tablets and the PC mouse. As users become comfortable with the technology, and increasingly appreciate its value in strengthening security of personal information and transaction details, we expect deployments of biometric technologies to become a mainstay of the financial services industry.”

Richard Parris, CEO, Intercede:

“HSBC’s adoption of Touch ID for its customers with compatible Apple mobile devices is yet another recognition that passwords are failing to protect consumers from growing security threats but the rest of the digital economy needs to catch up quickly. Banks have typically adopted the most stringent but inconvenient security systems and that’s because, although biometrics can be part of the solution, the underlying systems also have to ensure that individual smartphones and tablets are reliably authenticated not only with the users but with the services being accessed. Likewise, users also need to be able to reliably authenticate the services they are accessing to avoid phishing attacks.

“It’s now time for all service providers to catch up and deliver both security and convenience to their consumer audience. Highly cost effect solutions are now available, for new and existing apps, that deliver extremely secure authentication, eliminate passwords and add convenience. Adoption of those solutions is easy – it simply requires the will to make it happen and a recognition that consumers are currently being let down by inherently insecure systems that rely on dated technologies.”

Hans Zandbelt, senior technical architect, Ping Identity:

"The banking industry is a beacon of best practice when it comes to implementing new identity-defined technologies. Last year, we saw RBS roll out fingerprint authentication for online banking customers. HSBC has taken this one step further, with the introduction of voice recognition software- a progressive move, as biometric banking enters the mainstream.

"Biometric technology, such as fingerprint and voice recognition, not only allows for a more secure service in our digital era, but such technologies are crucially tied to the identity of the banking customer- this is essential in alleviating the requirement for customers to remember and type in complex passwords over and over again.

"By implementing systems that focus on a customer's identity, banks can offer returning customers a secure and seamless service and can mitigate customer losses. This allows users to fully realise the benefits of secure online, mobile access to their personal finances."

David Mount, director, security solutions consulting EMEA, Micro Focus:

“This announcement from HSBC is the latest step in a period of intense change in bank security, which is primarily being driven by the convergence of two key trends. First of all, customers are demanding more services on mobile devices and their expectations around online banking are changing. Accessibility is key when it comes to mobile and entering numerous passwords can be an inconvenience, which is why banks are looking to make the authentication process as easy for customers as possible. Secondly, traditional authentication methods are failing. Banks are concerned about the rising cost of fraud and are looking to limit future losses with a more effective authentication process.

“Passwords quite simply aren’t working for the banking industry. They are too easy for hackers to steal and too difficult for customers to remember, which is why we’re seeing banks like HSBC shift towards biometrics. Clearly the idea behind the technology is to make it as difficult as possible for a criminal to impersonate a customer. The technology is now able to analyse such specific biometric detail like the shape of larynx and vocal tract, which is much more difficult to steal than a password. However, adding this complexity could potentially lead to further vulnerabilities – the proof will come following final implementation.

"As we move more of our lives online, we need a more effective way to securely prove who we are. That’s why we can expect to see biometrics based on our voice, fingerprints or heartbeats becoming more prevalent in the not-too-distant future.”

Image source: Shutterstock/ra2studio