2015 saw a significant amount of innovation in the financial and payments industry. The UK FinTech industry secured over $623 million in investment, creating opportunities for a digital revolution within the sector. Neil Costigan writes
This year we have also seen mobile payments take the UK by storm, with Brits becoming accustomed to simply tapping their smartphones when making purchases. Yet in some cases this innovation has been overshadowed by security issues and headlines around data breaches that can make some consumers take a step back and refuse to make the most of out of new services to ensure they don’t find themselves a potential target for criminals.
Even though we are told on a regular basis about the risks of not taking our online security seriously, and we know that we need to change our "123456" password that we set in our teens, many consumers aren’t showing signs of changing their ways. In many cases consumers leave themselves vulnerable, because it is more convenient than following taking a rigorous approach to security. As a result, the responsibility lies with the banks to make sure we are protected at all times without impacting our user experience.
This pressure has resulted in many financial institutions embracing innovative new security measures, such as Halifax experimenting with heartbeat technology and banks across Europe adopting behavioural biometrics as a means to authenticate their digital users based on their unique behaviour. The overwhelming uptake of biometrics in 2015 is a result of banks realising they need to provide rigorous security and a frictionless service. However, biometric technology has an opportunity to expand out of the financial industry in the New Year – particularly as the volume of digital payments across all sectors continues to soar.
What could 2016 bring for behavioural biometrics?1) We go cashless. The Nordics has developed a reputation for innovation and in countries such as Sweden, the prevalent use of the mobile payment Swish which allows Swedes to make a transaction between individuals in real time, has meant that only 80 billion Swedish crowns are currently in circulation. Many argue that if this trend continues they could soon be the first country to go completely cashless – and the UK has the potential to follow in their footsteps. In 2015, the proportion of cash payments were less than half the total number of payments that were made last year, indicating that Brits aren’t shying away from the idea. The move to cashless will place new pressures on payments providers and financial institutions to introduce security measures such as biometrics to their services to ensure their customer’s data is secure every time they walk up to the till.
2) The Device Mesh. Gartner has predicted that the endpoints at which people will access applications and information will expand greatly in 2016, which they have named the "device mesh". The device mesh includes mobile devices, wearable, consumer and home electronic devices, automotive devices and environmental devices — such as sensors in the Internet of Things (IoT). Previously devices used to work in siloes and operate in isolation of one another, but in 2016 we will see many more devices cooperate and interact with each other. This will create an even bigger test for businesses as customer data gets shared across even more devices, but it is an opportunity for biometrics technology to gather even more intelligence to support enterprises to authenticate users.
No more getting around paywalls As we continue to enjoy on demand digital services, many enterprises rely on paywalls and subscriptions as means of revenue. Many of these businesses then face the challenge of ensuring they don’t lose revenue on a daily basis through customers sharing credentials in order to split costs. For consumers it seems pointless to have multiple online publication accounts in one household for example, but for businesses that depend on a digital business model, behavioural biometrics is an ideal solution that ensures the person watching TV is the account holder without impacting their user experience.
3) Regulation outweighs reputation. In 2015 we saw a shocking number of cyber-attacks that not only resulted in customer dissatisfaction but also significant reputational damage for the enterprise. The fear of losing customers due to security breaches will continue in 2016, but the influence of regulators will mean that security will become less of a reputation issue and more of a compliance issue. The European Banking Authority (EBA) regulations are already a significant challenge for security professionals to adhere to, but as new technologies enter the market, so do new regulations and the expectation from the EU to achieve all their standards is by far the biggest mountain to climb.
The EBA currently state that firms need to have at least two of the following three measures in place that must remain mutually independent: a request for something only a consumer knows such as a password, something the user has, e.g a token and finally something the consumer is such as biometrics. Specific yet continuously changing requirements from regulatory bodies mean that businesses need to ensure they take a layered approach to security to guarantee they cover all bases efficiently without putting all their eggs in one basket.
2015 was a year of rapid changes and innovation within the financial sector, and 2016 shows no signs of slowing down. But beyond the financial sector, on-demand services such as Uber have increased the flow of high volume, low value transactions – meaning payments need to be streamlined, quick, but also secure. Meanwhile, the continued growth of subscription models has created a new concern – how to authenticate the user, even when they are willing to share their own authentication details. As such, in the next 12 months, we can expect to see an explosion in innovative authentication activity, as companies adjust to new demands and challenges from customers.
Neil Costigan is the CEO of Behaviosec