To: GonzoBankers
From: GonzoLabs Biometrics Division
CC: Biometrics Vendors
Re: Biometrics Update
As you know, the folks here at GonzoLabs can be a little “off the wall” and even stray from reality every now and then. (Our readership has suggested the administration of drug tests on a regular basis.) But when it comes to technology, we are all about keepin’ it real. We are big proponents of current, live, up and running deployments–whatever the technology may be. There has been a lot of buzz floating around the biometrics space lately, and I think a reality check is in order.
It’s been almost a year since GonzoLab’s founder Carl “The Finger” Faulkner took the lead in a pilot program to test and review basic fingerprint scanner technology. I can remember Carl strutting through the office showing off his latest toys. (Read The Results Are In From the Lab.) Long story short, a variety of tests were conducted that led to the same conclusion that most of you have drawn: “Although the technology is interesting and shows promise, it’s not ready for prime time.”
Now, despite the fact that this test was statistically insignificant and probably just a hair better than a biometrics vendor conducting its own study, the conclusion is relevant. For years, the folks at GonzoLabs have been reading tech magazine articles touting biometrics as the next great innovation in banking. These articles talk about next generation technologies like iris scanning ATMs and face scanning kiosks but have no real success stories to back them up. For instance, whatever happened to those popular iris scanning ATMs that were such a big hit at the ’98 BAI Retail Delivery show in Las Vegas? Remember, those futuristic scanners that would authenticate you by the time you made it up to the ATM and no card or PIN was required? Some pretty cool stuff, but maybe a little ahead of its time, eh?
There seems to be a great deal of smoke and mirrors used in the media lately when referring to biometrics. What’s real and what’s fantasy? Take a look at the following GonzoList comparing these illusions with reality…
Illusion: Biometrics is the answer to all your banking security problems.
Reality: While it’s true that biometrics cannot be lost, stolen or forgotten, biometrics most certainly does not solve all of your banking security challenges. In fact, you may be opening your bank up to other forms of risk. Remember, anything that can be digitally transmitted can be copied and therefore forged.
Illusion: Biometrics offers a single sign-on for all of your applications.
Reality: Implementing a single sign-on intended to solve the multitude of usernames and passwords is a winner in my book but can be a painstaking endeavor that involves some ugly integration of legacy-based banking systems. More importantly, this is separate from the biometrics decision. Implementing a single sign-on can be done without the use of biometrics although many biometrics vendors package it as a complete solution.
Illusion: Using biometrics will reduce your help desk call volume significantly.
Reality: Again, the single sign-on will solve some of this problem without the need for biometric technology. Furthermore, you can count on a significant number of calls resulting from failed scans (especially from users who like to eat at their desks).
Illusion: Fingerprint scanning technology will play a big role in multifactor authentication initiatives over the next few years.
Reality: Until fingerprint reader standards are adopted and commonplace, the costs involved in deploying this technology will be limited to a relatively low number of profitable cash management customers. However, an interesting case may emerge in the voice recognition space for the VRU channel of authentication.
Deployment Update
Employee-Facing
By now, most everyone out there has gotten their feet wet with some sort of a pilot program involving fingerprint scanning technologies used for physical access control and, in some cases, network authentication for single sign-on (SSO). As you can 
imagine, this is by far the most widely deployed flavor of biometrics used today due to the maturity of the technology and low amount of risk to the customer.
To date, results from a multitude of pilots have produced mixed results. There are several banks and credit unions that are taking advantage of biometrics for network authentication that swear by the technology. Los Angeles Firemen’s CU is a prime example. LAFCU implemented a single sign-on using fingerprint technology and is very pleased with the results. Still, others cannot get over the high costs involved and are challenged to make a case that justifies the expense. Let’s face it, when all is said and done, it comes back to the annual budget and the ol’ “Show me the money!” from the CFO.
Customer-Facing
Way back when, Bank United ran an ATM pilot using customer-facing iris scans in supermarkets throughout Texas. Whatever happened to that program? The WAMU acquisition seemed to be its demise. I have to believe cost was a big consideration. Since then, signs of promise are re-surfacing in the customer-facing area. There are some technology-savvy credit unions out there using fingerprint scanning to authenticate members at the teller line and at SEG-based kiosks where branches don’t make sense.
Some success has also been achieved in the safe deposit box area. Unmanned fingerprint and hand geometry biometrics are being deployed at several banks and credit unions throughout the country for access to individual safe deposit boxes. Customer adoption seems to be a non-issue as the self-service access is quick and easy. Also, hard cost reductions in staffing have been realized in many of these institutions. This one could be a winner in my book.
Remote Use
The FFIEC’s guidance issued in October 2005 brought remote use technologies to the forefront. By satisfying the third factor of authentication (“something the user is”), remote use is sure to spark interest. The challenge is clearly going to be cost. Until the industry can agree on standards so that devices are commonplace and integrated into every PC, traction will be limited.
One area where remote use may make sense is in cash management and Treasury services. Deploying biometrics to a relatively small number of your more advanced, profitable, cash management customers would certainly provide increased security for high dollar origination transactions. Furthermore, the costs associated with the hardware could be written off using the fees driven by the customer’s account analysis statement.
Conclusion
History has proven that although bankers always seem to be interested in the latest in technology innovations, it typically takes years to adopt and implement them. This is certainly the case when it comes to biometrics. One of the biggest challenges the biometrics industry must overcome in the financial services sector is cost related to the proprietary nature of the technology. Until standards are created for scanning and storing of data, we will continue to see pilot tests fizzle out and the occasional success story in niche businesses. There’s no doubt that biometrics will someday play a key role in financial services infrastructure, but we’re just not there yet. Check back next year for another biometrics update from the GonzoLabs team.
-ew