Asia is leading in the use of mobile biometric activity. Most current cell phone-based biometric applications are being seen in Japan, South Korea and, increasingly, China, where biometrics are used to unlock handsets and/or applications on the handset. In all these cases, though, the biometric is used to supplement, rather than replace, the normal security systems already in place for online and mobile banking. In Japan, Softbank Mobile (formerly Vodafone) and NTT DoCoMo both offer Sharp handsets that use Face Recognition, from biometric vendors such as Oki and Neven Vision. Several handsets on offer at all the mobile operators have Fingerprint sensors, including those from LG, Fujitsu, Samsung, Panasonic and Sharp, using fingerprint technology from AuthenTec and Atrua. In addition, Oki Electronics has come out with a proprietary cell phone that contains Iris Recognition software that uses the phone’s own camera. (Whether this phone had to be retrofitted with infrared filters is not clear.)
In China, handset vendors are starting to introduce handsets with fingerprint technology, including Yulong and Qiao Xing Mobile (CECT). And in Korea, KTF has introduced several phones using AuthenTec’s fingerprint solution, including those from Pantech, Motorola and LG.
While Europe has not been as active in this area, there was an EU collaborative research program started in 2004 called SecurePhone that produced a high-end PDA prototype using face, voice and signature-based biometric authentication systems on a SIM card. More recently, Swisscom Mobile has embarked upon a trial using Atrua’s fingerprint sensors on a Toshiba phone.
In India and parts of Africa, governments and financial institutions have started using biometrics to enroll rural populations for social benefits and banking applications. In these cases, the reasons for the use of the biometrics are to provide identity verification and prevent fraud. While these applications are generally being provided via mobile ATMs, smart-cards and “roving” service agents, rather than via cell phone, the concepts are similar and proving usable in these markets and, critically, acceptable to financial regulators.
In India, use of smart cards to effect payment to the poor through government sponsored schemes as well as ATM’s operated through biometric identifications are already under implementation. Providing mobile phones to the rural poor with similar technologies is likely in the near future.
Bolivia in South America has biometric ATM’s by Prodem FFP Bank in operation in 1999. To overcome barriers such as illiteracy, they created a solution employing smart cards, fingerprint recognition technology and smart ATMS, as well as stand-alone, voice-driven ATMs in local languages with color-coded touch screens.
Capitec Bank in South Africa is using biometrics for providing low-cost banking services to unserved populations, largely via kiosks and smart-cards, while the government is using fingerprint recognition for the delivery of pension benefits to its citizens. Net 1 Technologies designs smartcard and banking systems aimed specifically at unbanked populations. Their system uses secure smartcards that operate in real-time but offline, unlike traditional payment systems offered by major banking institutions that require immediate access through a communications network to a centralized computer. This offline capability means that users of Net1’s system can enter into transactions at any time with other card holders in even the most remote areas so long as a portable offline smart card reader is avail-able. Net1 was recently chosen by the Central Bank of Ghana to develop biometric smart-cards for use in that country’s ATMs and POS.
Key Issues to Consider in Designing a Biometric Security System in Mobile Banking
- Who does customer belong to - mobile operator or bank?
- Who builds, operates and owns the mobile banking platform?
- Who pays cost of new and/or upgraded cell phone hardware? How are cell phone batteries kept charged (solar?)
- How will customers enroll in system? Physical presence required, plus processes for verifying initial identity claims
- How will customers be trained in use of system?
- Should debit cards be issued in conjunction with service for use in urban ATMs?
- Need exception handling for both enrollment and verification; 1-800 # for problems, with secret questions for instances when customer cannot verify biometrically?
- To what degree will biometric match decisions be incorporated into existing interfaces for banking, payment and clearance systems?
- How many identifiers - handset ID, bank account #, biometric ID?
- What are the threshold (accuracy) requirements?
- Location of biometric data storage and processing for maximum availability
- Administrative and auditing functionality to manage biometric accounts and transactions
- How much personal data resides on handset?
- Cash handling network and use of field agents, retail agents, mobile ATMs
- Software requirements for cell phones not prohibitive; software and backup requirements for mobile banking systems and linkages to bank network to be determined
- Processing requirements - need basic data network (should not need 3G as long as there is a secure tunnel to the bank)
Summary
The financial sector is increasingly interested in the use of biometrics to help in the ongoing fight against money laundering and terrorist financing, fraud and consumer protection. Biometrics would be a useful solution to the issue of security for mobile banking in developing countries, particularly to address the unique needs of the unbanked in rural areas. Technically, the use of biometrics is entirely feasible in mobile applications. The accuracy of biometric identification systems is as good if not better than most traditional banking security systems, and the software and transmission requirements of several biometrics technologies are certainly within the realm of possibility for most of today’s cellular networks. The main issue to address with any biometric system is that the performance will only be as good as the quality of the data captured, so that environmental controls and user training are of paramount importance.
For purposes of mobile phone banking, fingerprint recognition appears to be the best technology to use today. Fingerprints are already being used for several rural banking applications around the world, with acceptable performance and security results. And while there is a requirement for incremental hardware and software to accommodate fingerprint sensors on the handset, the use of fingerprint recognition technology is being used in several mobile phones today by a wide range of handset vendors. As for use in cellular networks, the size of fingerprint templates, which can range from 250 to 500 bytes, can easily be transmitted via today’s GSM and CDMA data networks, allowing for systems that can provide matching both locally and centrally, depending on the application requirements.
In terms of how it would work, fingerprint recognition security could either interface directly with a bank’s online banking system, an approach that will often require costly systems integration (and result in an undesirable one-off solution), or it could interface with a separate mobile banking platform. The mobile banking platform would act as a “black box” intermediary between the cell phone and the bank, receiving the identity and biometric authorization data from the user’s handset and, once verifying the information, sending a pre-authorized signal to the banking system, using standard ISO banking protocols, telling the bank to go ahead with the transaction at hand. In fact this is how many mobile banking systems work today, taking information from the handset and translating it in one form or another for use by banks and payment processors.
As is often the case with new technology applications, the biggest issue facing mobile operators and banks when trying to evaluate biometrics for mobile banking will not be the technology, per se, but rather the business case around building the technology into the application. Questions such as who owns the customer, who builds and operates the mobile banking platform, who pays for the cell phone, and who handles all the implementation, training and customer-service related issues all need to be addressed to understand the overall attractiveness of a biometric mobile banking application.
Reference:
http://www.scribd.com/doc/14332398/Biometric-Security-For-Mobile-Banking-2008
http://bcta-initiative.org/wp-content/uploads/2010/02/1930-UNDP-BCtA-Case_Map_LR3.pdf
http://jackfruity.com/2010/04/mobile-money-is-the-mobile-secure/
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment