Balancing safety and convenience with biometrics

Read time 2min 40sec
Ideco CEO Marius Coetzee.
Ideco CEO Marius Coetzee.

Biometrics-based security devices are now widely used across SA's banks, but in many cases, could be creating a false sense of safety among enterprises - and worse - serving to enable criminal activities.

This is according to Ideco CEO Marius Coetzee, who notes there has been growth in the utilisation of biometrics, not only in terms of national identity schemes, but also with regards to providing a frictionless experience to the consumer while still maintaining high levels of security.

Similarly, Ammar Faheem, solutions expert for digital banking and payments at Gemalto Africa, says SA is gearing up to be on par with the global community in adopting biometric technology in the banking sector.

Fingerprinting seems to be the biometric method most frequently used by local banks, on mobile banking apps as well as by consumers when visiting branches, says Faheem.

"Local banks are adopting the technology just as well as any other banks worldwide. Within the next five years, more than 91% of SA's banks plan to have fingerprint scanning, 84% face recognition, and voice recognition is to be used by 74%.

"It is also important to highlight that SA's social aid programme through SASSA [South African Social Security Agency] already relies on biometric authentication for over 10 million beneficiaries, which is another important argument on how SA is ready to embrace biometrics for mainstream banking services."

However, Coetzee says organisations need to be careful in their choice of biometric devices deployed for customer identification, security and protection of assets, to ensure they are compliant with all key standards and legislation, and that the systems deliver the security they promise.

He notes biometric information is personal data that needs to be treated according to the highest POPIA requirements and processed according to international standards and best practices. Any deviation holds serious privacy risks to the individual and compliancy risks to the organisation, with biometric hardware playing a big role in this process, says Coetzee.

Using hardware that does not provide a true representation of the biometric that is captured and does not comply with quality standards opens a door to fraudsters, he adds.

"As the banking sector in SA is mostly using biometrics to curb fraud, the hardware must comply with image quality standards to ensure it can be upheld in court. Hardware not complying can prove to be a massive liability to any organisation that would like to prosecute based on biometrics."

Inadequate biometrics-based identification and security systems could not only give villains access to accounts and assets, they could also help them avoid prosecution, says Coetzee.

Given how quickly biometrics is evolving to include behavioural components, local banks would do well to fully embrace far more sophisticated and convenient secure solutions, says Faheem.

See also