By Anthony Rjeily & Charlie Jacco
Most of us are overwhelmed by the numerous passwords (and associated security questions and protocols) by which we access our online accounts. Asking your customers to keep track of ever more complicated login information is a terrible user experience.
And the prevalence of hacking proves that passwords aren’t a foolproof safeguard. Even when transactions require a two-step verification process—say, a text message delivering a code to unlock your account—there is no guarantee that the information is safe from the prying eyes (and fingers) of sophisticated thieves, hackers and other bad actors. So businesses are increasingly migrating to biometric systems. No matter the technology—fingerprint readers, retinal eye scanners, voice recognition, hand geometry, facial recognition or even the new “selfie”-based authentication systems that MasterCard and the financial services company USAA have rolled out—the idea is to verify someone’s identity by tying it to multiple mechanisms at once, known as biometric modalities. These modalities, when used in concert, can provide a significantly more secure environment.
But executives who are engineering new digital products, apps and web sites will need to find the right balance between security and user experience. When businesses invest in one particular type of biometric (e.g., thumbprint or facial recognition), there is a tendency to force all their customers to adopt it. This offers users no choice in information security. One customer might not mind using his thumbprint to open an app, while another might flat-out refuse. When a company offers only one option, it severely limits its reach. A much better approach is to rethink security from a user’s perspective, offering personalized options.
Anthony Rjeily is the financial technology practice lead for KPMG. Charlie Jacco is the US financial services leader for KPMG Cyber Security Services.