Face ID is fast becoming a differentiator for organizations that want to provide a frictionless mobile experience.
While biometric authentication remains the exception and not yet the rule, the analyst community strongly believes digital businesses, especially banks, need to pay attention.
For example, in the recent Hype Cycle for Digital Banking Transformation, 2017, Gartner recommends that digital businesses develop world-class capabilities in customer authentication, and specifically, biometric authentication.
In response to the increasing importance of biometrics in banking, VASCO has announced that a new version of the DIGIPASS for Apps platform includes a Biometric Sensor SDK that supports Face ID.
Face ID is the face recognition method offered by Apple on the iPhone X and on this device, it replaces Touch ID.
Balancing Customer Experience and Security
When it comes to technology innovation, there is always a perceived tradeoff between customer experience and security.
The advantage of biometric authentication technologies like Face ID (and previously Touch ID), is the better user experience compared to traditional mechanisms such as PIN/password combinations. Customers want frictionless authentication and, on that count, biometrics easily satisfies their expectations.
While the main driver for biometrics is customer experience, from a security perspective, the strongest foundation remains a multi-layer approach, including biometrics and other authentication technologies combined with mobile app security and risk analysis.
As Steven Murdoch, Innovation Security Architect at the VASCO Innovation Center says in Professional Security, “Although facial recognition technology is progressing in the right direction, there are many people who have concerns about whether someone can ‘steal my face’. While these concerns aren’t unfounded, understanding how facial recognition works is usually a good starting point to alleviate concerns.”
The real security of facial recognition technology comes from the ability to tell the difference between an image of someone’s face – a photograph for example – and the real thing. This is known as liveness detection.
Since the iPhone X uses a 3D TrueDepth camera capable of telling the difference between a person and a photo, no liveness detection challenge is necessary. Apple has said that they look at the 3D shape of the face as well as a photograph to make it hard to pass off someone’s photo. This contrasts with other face recognition solutions in the market today, which use 2D cameras that are unable to measure depth and instead require a liveness challenge to detect if the subject is a real person or a photograph.
As a result, the iPhone X with Face ID makes the user experience far more convenient, as well as secure.
VASCO’s Face ID Solution for Banking
VASCO’s DIGIPASS for Apps now includes support for Face ID on the iPhone X, as well as facial authentication for Android and other iOS devices.
In addition to offering more robust biometric authentication via Face ID, the Biometric Sensor SDK ensures transparent access to the biometric method enabled by the device. It also provides methods to test whether biometric authentication is supported and has been enabled by the user before actually performing biometric authentication.
For banks and others that are building Face ID into their apps and services, there are clear customer experience advantages with facial recognition technology. It’s certainly proving to be a more effective method of user authentication than weak static passwords or a four-digit PIN.
There are added advantages for banks as well. When customers choose biometrics over PIN/passwords, this reduces the amount of support spent by an organization (for example, resetting passwords).
Plus, those adopting and evangelizing biometrics are clearly identified as trendy and modern. Once consumers purchase the iPhone X, the only phone to support a 3D camera, their expectations change. In many cases, they fully expect their mobile banking app to support Face ID just as any other member of the mobile ecosystem.
While it is critical to meet customer expectations for a modern, easy and secure authentication experience, we also know that biometrics alone will not solve all problems. That’s why VASCO offers a wide variety of authentication technologies that can be layered to provide both optimal security and an optimal user experience.
For more information on biometrics, download:
*** This is a Security Bloggers Network syndicated blog from VASCO Data Security – Blog authored by Guillaume Teixeron. Read the original post at: https://blog.vasco.com/authentication/face-id-sdk/