Vietnamese Bank Triples Account Base After Issuing Fingerprint-enabled Debit Card for Unbanked

Temenos announced the launch of Vietnam's first fingerprint-enabled debit card, at Mekong Development Bank. The bank’s hopes to entice the unbanked with this card, which is fingerprint enabled, is already paying dividends.

Fully 2.5 billion of the world’s adults do not use formal or semiformal financial institutions to save or borrow money, according to McKinsey Quarterly. Nearly 2.2 billion of these unserved adults live in Africa, Asia, Latin America, and the Middle East. Unserved, however, does not mean unservable. Mekong Development Bank implemented Temenos T24 Biometric fingerprint authentication to provide the 'unbanked' population of Vietnam with access to banking services.

Since the initial launch in June, Mekong Development Bank's current account base has tripled, and the deposit balance per debit card account is two times higher than a regular account without a debit card. Customer fingerprints will be captured by Mekong Development Bank at the point of opening an account - and then used at any one of 33 NCR SelfServ™ ATMs  across Vietnam. This will be extended to other touch points in the near future in line  with Mekong Development Bank's proposition to make things simple for the customer.

The financial institution made a simple modular upgrade to incorporate biometrics to its T24 enterprise system. Mike van der Wal, managing director of NCR in Southeast Asia, comments: "More than half the world's population - concentrated in developing markets such as Vietnam – does not access formal banking services. Mekong Development Bank's biometric NCR ATMs, which identify consumers by their fingerprint in place of a personal identification number, represent a major step forward in bringing banking services to the entire population of Vietnam. Mekong Development Bank's customers can now enjoy convenient access with increased security."

Can Biometrics Help Secure Accountholder Information?

Harris Research suggested that some 80 percent of consumers are concerned about fraudulent access to their financial accounts. It is no surprise therefore that some financial institutions are seeking better security and protection for with biometrics, which is rapidly acquiring extensive consideration for its promise to mitigate security breaches.

The practical use of biometrics dates back to the 14th century when Chinese merchants used ink-stamped palm and foot prints to distinguish children from each another. In the 1880s, a Parisian anthropologist, Alphonse Bertillon, developed a method of multiple body measurements. It enjoyed a run as a forensics tool but due to flaws in the technique, fingerprinting replaced the Bertillon technique as the primary biometrics instrument.

In the past 30 years, biometrics has moved from mainly fingerprinting to many other methods that measure or analyze an individual’s voice, speech, face, iris ,retina, hand geometry, facial thermogram, keystroke dynamics, gait, body odor, hand or finger veins, foot and palm prints, handwriting (or signature), and even (“say ah”) tongue. Today, authentication by biometric verification is becoming more and more common in corporate and public security systems, consumer electronics, and point of sale (POS) applications. Biometrics authenticates identity by way of physiological traits or behavioral characteristics that are distinctive to each individual and cannot be forgotten, misplaced, or stolen.

Financial Fingerprints
Fingerprinted is the best-known and most used biometric method. Uses for fingerprinting today include forensic investigation as well as for passports, ID cards, border surveillance, access control, and even financial institutions.
An example is City Credit Union (Dallas, Texas), which recently implemented a system for controlling physical access to entrances using fingerprints as an alternative to tokens, badges, swipe cards, and PINs. The infrastructure allows for the storing of credentials including fingerprint profiles, names, addresses, passwords, and other employee information and has room for future expansion to computer password management at employee desktops.
Honda FCU uses fingerprint authentication to provide access to about 30 different Web sites and applications used by the 130 or so fulltime staffers at CU's eight locations. From the time of deployment more than a year and a half ago, calls to the four-person help desk for password resets have dropped from about 20 a day to almost none. From a security perspective, it is also a vast improvement as well, instead of employees writing down passwords and keeping them in places such as under their keyboards and in desk drawers, they can put their finger on the problem.

Keeping unauthorized users out of its core banking systems and complying with industry regulations are top priorities for the International Bank of Miami. The bank decided to attempt a stronger security mechanism that allow users to sign-on to their applications with a simple swipe of their finger across a scanner attached to their PC via a USB port. The system does not keep a copy of fingerprints in the system. In its place, it generates a binary equivalent – a number – based on the unique curves of an individual's fingerprint.

Voice Banking
Another way to offer protection is through voice biometrics. The technology uses voice analysis to identify customers phoning in as an addition or alternative to conventional pins or passwords.
China Merchants Bank is using a voice authentication system to verify the identity of customers phoning its call centers. CMB will be the first bank in China to use voice biometrics for telephone banking transactions. The system verifies the identity of a speaker during the course of a natural conversation. There is no need for the call center agent to ask the customer any authentication questions.

Another financial company, YES Bank offers voice-enabled phone banking. The concept uses speech-recognition technology. From the customer point of view, it eases the experience of interacting with the bank and removes the task of recalling the numerous key numbers or other details. The customers need to remember only pre-defined keywords.
TD Waterhouse employs a system that allows clients to create a distinctive voiceprint, which the system then converts into a mathematical representation of the voice that is then stored on file and used to verify their identity.

You’re So Vein
Poland has begun its usage of biometric scanners for ATMs. Poland’s cooperative BPS bank says it is the first in Europe to install a biometric ATM — allowing customers to withdraw cash simply with the touch of a fingertip. This technology permits customers direct access to their accounts with just the use of their fingertips. The digit-scanning ATM comes via Hitachi’s fingertip technology. According to Hitachi, the scanners have an infrared light that passes through the surface of the skin to scan and identify unique patterns in the veins. To verify the user’s identity the user unique patterns are matched to the registered client. Peter Jones, Hitachi’s head of security and solutions in Europe, said, “This is a substantially more reliable technique than using fingerprints.” He further adds, “Our tests indicate there is a one in a million false acceptance rate — that’s as good as iris scanning, which is generally regarded as the most secure method.”

Behind the Healthcare Industry
David Ting, CTO of Imprivata, speaking to SC Magazine, declared that the banking industry is confronted with a severe password predicament with amplified regulation on data security and auditing such as the Basel Accords, Sarbanes Oxley and EU Data Protection Directive. This is together with the challenges of a ever quickening working surroundings that means users are required to log on/log off from several applications, sometimes a few times every day. Asked how biometrics have benefited the healthcare industry, and could move into banking security. He said, “When staff are forced to use complex passwords for each of these applications, they are tempted to cut corners when it comes to password security.

This is where jotting down login credentials and password sharing becomes a real issue, meaning that password-only authentication in a banking environment could be viewed as inherently flawed. In the banking industry, strong, or two-factor authentication, where a password is combined with another form of authentication, such as a smartcard, token or biometric, is ideal for user convenience, productivity and security.”

Better but Not Perfect
The improved accuracy and technological improvements of biometrics systems make them more viable as verification methods and broadly affordable. At the same time, not all biometric methods are uniformly acceptable in all industries and all applications.
Iris scanning is considered the most accurate – with the probability of two people having the same pattern at 1 in 7 billion. In addition, it is comparatively intricate to copy. Nevertheless, because of the complexity of the process, it is also the most expensive, and its precision relies on the individual’s cooperation.

In contrast, face recognition is technically the least invasive, because faces can be scanned by surveillance cameras (even though this also raises privacy issues), but its accuracy fluctuates considerably depending on light, exposure and other factors.
More and more commercial products are emerging. Fingerprinting is actually getting a fresh boost from PC manufacturers that are incorporating it into millions of consumer laptops.
Motorola, an active developer of the Automatic Fingerprint Identification Systems (AFIS) for over 30 years is now marketing its own Mobile AFIS device. The Motorola gadget captures both fingerprints and facial images, connects to wireless networks to upload data, runs on Windows Mobile, integrates bar code scanners, a smart card reader/writer, GPS, phone, and can be held in the palm of a hand.

Fujitsu, another company actively integrating biometrics into its products, sells peripherals such as the PalmSecure PC Login Kit with functional mouse, which authenticates users' identity by analyzing the veins under their palm.

To avoid identity theft, biometric data is typically encrypted when it is collected. To convert the biometric input, a software application is used to identify specific points of data as match points. The match points in the database are processed using an algorithm that translates that information into a numeric value. The database value is compared with the biometric input the end user has entered into the scanner and authentication is either approved or denied. While biometrical identity theft is much more challenging than forging a credit card signature, or illegally accessing and copying archived prints, which can then be used to produce artificial models, is still feasible.

Another great challenge of biometrics is privacy concerns due to its relatively intrusive nature. It is for this reason, for example, that fingerprinting and iris scans are not accepted in much retail, banking and financial services applications at this time.

Still one more issue keeping financial institutions from moving forward with a new biometric system center on anxiety over accountholders complaints associated with poor samples for matching the customer. Poor samples can be the result of many things – such as in the case of voice biometrics – where a poor telephone connection, loud background noise and voice problems associated with illness can affect the sample.

As governments and companies worldwide increasingly rely on biometrics for the secure identification of individuals, standardization increasingly becomes an issue. A proposed Biometrics Laboratory Accreditation Program (the U.S. Department of Homeland Security), would assess the ability of candidate laboratories to evaluate biometric technologies against recognized national and international standards.

Despite these concerns, financial institutions are showing increased interest in implementing the technology due to increased pressure to step up their security as slowly but steadily the biometric pieces are coming together.

To read more about Biometrics, subscribe to Biometric Digest (http://www.biodigest.com)