Mitek - Present and correct: identity verification – Sarah Clark
Consumers may be more eager than ever to use mobile banking, but accessing services through passwords and personal information is time-consuming, and can expose customers to fraud and cybercrime. Sarah Clark, general manager - identity, Mitek, tells Future Banking how biometrics can be harnessed to simplify and strengthen the authentication process, and why strong identity verification is central to achieving this.
The move towards EMV may have put a dent in credit-card fraud at the point of sale but as merchants change their methods, so too do criminals. Known as 'synthetic fraud', invented details are combined with hacked personally identifiable information (PII) such as addresses and US social security numbers to engineer fake identities that can then be used to open a new account, or access an existing one. In 2015, new-account fraud more than doubled in the US, according to a report by retail consultants Javelin.
Meanwhile, the continuing reliance on entering passwords and personal information to access online and mobile banking services leaves genuine customers vulnerable to account takeovers and data breaches.
Against this backdrop of security concerns, banks must also meet the expectations of customers keener than ever to make payments and transactions using mobile technology, and to do so easily and quickly.
For Sarah Clark, general manager - identity, at mobile capture and identity-verification firm Mitek, these two considerations have one solution, an authentication method that fuses security with convenience.
"Biometrics offer increased account access security because they move the paradigm beyond 'what you know', to 'who you are'," explains Clark. "And when implemented right, they offer a much easier, more seamless mobile experience than entering a username and password or answering questions."
Getting biometrics right, Clark emphasises, starts with the often-overlooked factor of having a strong identity-verification process to prevent synthetic fraudsters from being able to open new accounts in the first place.
"Stronger identity verification and biometric authentication go hand in hand," she says. "Biometrics are great for accessing your existing account but it's the sign-up process where the identity-verification piece of the puzzle comes in, because if that isn't secure then whose biometric is it? Essentially, the front door is open and so biometrics as an account-access method won't be secure either."
For Mitek, for which its Mobile Verify product uses ID documents to authenticate an applicant's identity, facial recognition is central in marrying these two considerations.
First, the camera function of a user's mobile device is used to scan his or her government-issued identity document, invoking computer-vision algorithms in the app that scan for authenticity, and confirms that the ID in hand is authentic and has not been tampered with. Second, a live facial biometric is 'captured' to check that the identity of that document matches the applicant present.
It's a capability with particular significance as banks look to meet the growing digital demands of customers. According to analysis by KPMG and Juniper Research, the global mobile banking user base is set to reach 1.8 billion by 2019, and a US study by the Federal Reserve found that 67% of millennials use mobile banking, compared with 18% of over 60s. But while login via mobile and digital are becoming the norm, end users can be left wanting when it comes to being able to sign up to new accounts through digital channels.
"Secure identity verification is often perceived as the main obstacle to creating an entirely digital or mobile account-opening user journey that can cover all applications, including 'thin files' [those lacking credit history] and 'new to country' - but it isn't," Clark says. "Similarly to how biometrics as a replacement for a username and password login turn the security paradigm away from relying solely on data that someone knows, a more secure identity-verification process moves beyond relying only on 'what-you-know' factors towards 'what-you-have' factors."
With this identity-verification step undertaken, login can thereafter become a matter of the user simply showing their face to the phone's camera. Liveness detection ensures that the image is of a real person rather than a picture or video, automatically (as an in-built part of the facial capture) and through more active 'challenge responses' that require the user to respond to a request such as a movement. Banks can apply one or the other of these detection methods as required in accordance with the relative risk of the function being accessed.
Mitek's system represents an approach recognised in the latest anti-money laundering regulation, with the EU's recent AML 4.1 directive stating "it is essential to recognise secure electronic copies of original documents as well as electronic assertions, attestations or credentials as valid means of identity".
But the ultimate test of the suitability of Mitek's system in the current regulatory climate is in its application in the market. Clark sites a top-25 European bank that is now live with a mobile channel for new account opening that leverages the Mitek identity-verification process.
She explains: "This shifted [the bank] from depending on having only an in-person channel for enrolment, which included an in-person identity-document check, to having a mobile user journey end to end, including secure inclusive and instant identity verification. They found that thousands of users were attracted to their new mobile-account opening channel, and experienced high success rates and no compliance issues. That is the best proof for standing up to regulatory concerns."
Commercial launches of Mitek's system in the market include MasterCard and Atom Bank, and Clark is working with several other players to test and pilot services. While banks are rightly taking time to perfect the roll-out of biometrics, Clark is confident that the technology will ultimately render traditional password and information input approaches obsolete over the next decade.
"There is always the issue with any new innovation that the larger incumbent banks tend to deal with complex legacy platforms that can make it challenging to create new user journeys. But given the way biometric platforms are architected, this shouldn't generally be a root cause to hold back moving forward with this type of innovation."
What's more, Clark feels that the evolving regulatory landscape makes the ROI of using 'regtech' (regulatory technology) firms like Mitek particularly appealing to banks that are already spending billions on compliance.
Call to action
While leading with its facial-recognition identity-verification product, Mitek also sees biometrics as holding the key to strengthening other weak points in the security of the banking customer journey.
For example, call centres that allow customers to call in to reset account access can be vulnerable to fraudsters using stolen PII. Here, layering in voice biometrics for landline calls, or facial biometrics from the mobile device making the call, can provide a second level of security to the existing what-you-know factors in place.
For Clark, the best application of biometrics - or indeed any new technology - comes down to a clear vision of the user journey and how this can be optimised. This approach is vital to effective innovation in finance, she believes.
"I think the key to innovation in general, and finance included, is really backing up and thinking through the best user journey at the core, as opposed to looking at transactions or platforms, or other sorts of siloed approaches.
"I've seen our early adopters have strong cross-functional teams that work together in innovation centres. These teams need to include business and product decision-makers, development, tech and even compliance members, who are empowered to make decisions, all working together instead of in silos."
With so many fintech developments under way, how might that core user journey evolve in the next five to ten years - which innovations will actually catch on?
"There's a lot of traction with respect to real-time payments and I see that as being a very key area of innovation that will be increasingly embraced by end users," Clark says. "Another interesting trend is generally the blurring of where does your bank end and other platforms or experiences begin. Banks are starting to partner with social media and other digital companies."
Joining the dots between social and financial digital channels enhances the customer journey overall, Clark believes, and she is excited to see mobile banking services take shape around the customer.
"At the end of the day, users want to interact on their mobile devices in ways that are natural to them and interact financially as part of their social presence."