Biometric authentication: a passwordless track to great customer experiences

Banking Technology Payments Security

Biometric authentication has been used for centuries to positively identify people. In the digital world, it is no surprise that biometrics have become an essential way of providing credence in an identity claim to bolster security and combat various types of fraud, writes Entersekt’s VP of Marketing Research and Communications, Lelanie de Roubaix.  


The latest advancements in this technology combine the convenience of behavioral biometrics and the streamlined approach of risk-based authentication. The result is Context Aware™ Authentication, a solution that delivers value across the board: Customers enjoy a seamless user experience and strong security. Organizations are provided with an easy-to-deploy method of authentication that offers consistent experiences across any channel or device. 


Biometric authentication – a recap 


Biometric authentication has become part of many consumers’ daily lives. Much like a set of keys, we use them to unlock smartphones and computers and to access buildings or vehicles multiple times a day. The quality of being unique and inherent to a person has also made biometrics key in various industries where positively identifying a person is necessary.  


Law enforcement agencies have used fingerprint biometrics to positively identify victims and suspects in criminal cases since the late nineteenth century, for example. In the financial services and payments industry, biometrics has become a cornerstone of modern authentication methods – with good reason. 


Hello, passwordless authentication 


One of the reasons for the widespread adoption of biometric authentication in recent years is undoubtedly linked to passwords. Across industries, there has been a global mission to reduce reliance on passwords and instead opt for passwordless authentication solutions.  


As knowledge factors that rely on knowing or remembering something, passwords are weaker than inherence factors (like biometrics) or possession factors (like a mobile device or a hardware token) – as illustrated in the graphic below.  



The authentication trifecta: Knowledge, possession, and inherence.  


Passwords can also easily be shared or stolen. In fact, the FIDO Alliance estimates that 80% of the world’s data breaches can be linked back to passwords. They can also be cumbersome to manage, as anyone that has recently had the misfortune of forgetting a password or having to make up an alpha-numeric password would agree.  


Find out more about passwordless authentication. Click here


And it seems as if the world is starting to take note. In a 2021 report, Gartner estimated that more than 50% of the global workforce and more than 20% of customer authentication transactions will be passwordless by 2025. And if passwords are on their way out, biometric authentication is certainly on its way up.  


The case for personalized experiences 


One of the key characteristics of biometric authentication is its reliance on traits that are inherently human and unique, allowing for highly personalized user experiences. 


  • Our fingerprints, faces, palms and irises are all classified as morphological biometrics, static in nature and hard to compromise.  
  • The way we move or type, handle a device, our heartbeats, and our voices can also identify us. These traits are classified as behavioral biometrics and are dynamic traits, linked to movements in specific periods of time.  


Although fingerprints are the most widely used biometric factor, many devices give consumers the option to use the biometric factor of their choice to unlock a device. In the financial services and payment industry, the importance of personalization and accommodating customer choice is increasingly being recognized. Authentication solutions that provide the capability to customize user journeys undoubtedly have the edge in the market, and it’s clear why.  


Curious about biometric authentication? Learn more


In fact, in a survey of senior leaders in financial services, Gartner found that “less than half of banks (48%) are confident that they can effectively execute when it comes to evolving products and channels to meet changing customer needs.” 


Convenient and user-friendly to boot  


One of the key benefits of using biometrics is convenience. While the importance of multi-factor authentication (MFA) to protect digital and financial accounts is increasingly being recognized, many outdated methods are clumsy and not reliable.  


  • SMS one-time passwords (OTPs), for example, rely on mobile network availability and can be subject to SIM-swap fraud and man-in-the-middle attacks.  
  • Hardware tokens can be lost or stolen.  
  • In some cases, like we’ve experienced with card issuer PLUSCARD in Germany, consumers simply prefer not to use a smartphone for authenticating online purchases. 


In all these cases, biometric authentication offers a secure, convenient, and easy to use alternative.  


Furthermore, in multi-factor authentication solutions that rely on biometrics, the customer always has their second authentication factor with them – whether this be their fingerprint, a facial or retina scan, or behavioral factors like how they type or handle a device. And by leveraging the FIDO2 framework for biometric authentication on a browser, consumers do not necessarily need to own or rely on a smartphone to benefit from biometric authentication. 


Explore the possibilities of authentication without an app. Click here



Stronger security, better data protection 


In the digital age, it’s commonly accepted that our personal information has become a valuable commodity. It needs to be safeguarded and handled with care. Unfortunately, large-scale data breaches across the globe have resulted in significant amounts of personal information, including usernames and passwords, being compromised. Relying on passwords and other knowledge-based factors for protecting access to accounts and personal information is no longer sufficient or advisable.  


Biometric factors are far harder to compromise. They can’t be easily shared, guessed or stolen, and can’t be reset by fraudsters attempting to hack an account in the way that passwords can. In many industry specifications for biometric authentication, including FIDO authentication, the user’s biometrics never leave their device.  


The FIDO2 specification also makes provision for browser authentication, where authentication factors including biometrics can be used to secure logins to websites and even authenticate online payments. This level of security ensures that consumers are protected against fraud resulting from phishing and man-in-the-middle attacks, password theft, and replay attacks. 


Integrated: Biometrics and the future of authentication  


Biometric authentication can offer greater security than traditional forms of authentication – especially when used as part of a multi-layered approach to authentication. And, as we’ve seen above, when also considering how convenient and easy they are to use, it’s clear why 32% of consumers believe that using biometrics is the most secure way of logging into online accounts, apps, and devices.  


The benefits of biometrics to consumers are clear, but where does this leave financial institutions? Well, when biometrics are used as part of a cross-channel authentication solution that leverages insights from all known channels and devices, and analyzes the context of each customer and transaction, the benefits to financial institutions immediately emerge…  


Authentication experiences are customized, friction is minimized, and all channels and devices can be accommodated. Add to this easy integration and quick deployment, and we’re looking at the future of authentication or, as we call it here at Entersekt, Context Aware™ Authentication. 


To learn more about the benefits of biometric authentication for you and your customers, contact Entersekt today.