Biometric finger vein scanning technology for authenticating online banking transactions will be available to Barclays’ corporate customers from next year.
In a move to combat fraud the bank has combined Japanese firm Hitachi’s VeinID finger vein authentication technology with a digital signature system to create the Barclays Biometric Reader, which allows customers to log on to online bank accounts and authorise payments without the need for PIN, passwords or authentication codes.
The device is connected to a PC via USB cable and uses infrared light to capture an image of the veins of the index finger before comparing this to the registered user’s unique pattern of blood vessels, which is stored on a smart card similar to the chip found on a chip and PIN card.
If the images match an encrypted authorisation code is transmitted to the connected PC to validate the transaction. According to the bank, as an internal structure, a finger vein pattern is nearly impossible to fake unlike other biometric identifiers such as finger prints, which can be forged.
Speaking at a press briefing at Barclays’ London headquarters Ashok Vaswani, CEO of Barclays personal and corporate banking, was also keen to stress that a severed finger would not be able to pass the test as the blood quickly drains out of the veins rendering them invisible to the infrared light.
“Finger veins have been demonstrated to be the most distinguishing feature of any person so it gives the highest level of security,” he added. “If it had any known issues we would never ask our clients to go down that path. The security in finger vein scanning is about the highest you can get and that’s why we feel so confident in it.”
The launch of the biometric reader follows on from the bank’s introduction of voice biometrics for Barclays Wealth customers to identify them on phone calls, which Vaswani says has been a “phenomenal” success.
Hitachi’s VeinID technology is already used by banks for password replacement, single sign on and ATM machines in Japan, North America and Europe and Barclays says there is potential for it to be introduced more widely in UK branches.
“Typically when you upgrade security you increase complexity,” said Michael Mueller, head of international cash management for Barclays Corporate.
“It’s so simple it doesn’t wow anyone, it’s just a very simple and also intuitive process for the customer. I think it opens up a whole range of opportunities for this, but also beyond this, and that is why we are so excited about using biometrics.”
Mueller also suggested that while the company considered that finger print scanning technology, now available on several smartphones, was not secure enough for corporate banking it could have a role in personal banking in the future where security requirements are not so stringent.
While the readers themselves can be used by several people, each registered user will receive their own smart card, which contains private keys and security certificates based on industry standard Public Key Infrastructures (PKI) digital signature systems alongside their finger vein data – meaning Barclays would not hold any biometric information about their customers.
Advanced algorithms mean pattern matching happens in just seconds and Barclays claims a false acceptance rate – the likelihood that someone is falsely recognised as someone else – of one in a million, which it says is one of the very lowest among biometric technologies.
The false rejection rate – where the machine fails to recognise the right user’s stored pattern and rejects them – is one in ten thousand.
Hitachi were also keen to stress that the device is secure from any attempts to extract information from the smart card should it be lost or stolen as it has been tested to Evaluation Assurance Level 6 – the industry standard for banking security technology.
Ben Edgington, senior manager for engineering and product management, said: “The amount of reverse engineering needed to get any data off the smart card in the device, that level would be phenomenal.”
The biometric reader will be an optional service for Barclays corporate banking customers and will become available from 2015.