abstract,blue,eye,human,intense,iris,macro,retina,scanner,security,access,accessibility,biometric,biometrics,business,circuit,closeup,computer,concepts,confidential More ID 38577009 © Geebshot | Dreamstime.com 5 2690 87 Royalty-FreeExtended licenses ? XS 480x320px 6.7" x 4.4" @72dpi 170kB | jpg S 800x533px 2.7" x 1.8" @300dpi 402kB | jpg M 2121x1414px 7.1" x 4.7" @300dpi 2.2MB | jpg L 2738x1825px 9.1" x 6.1" @300dpi 3.5MB | jpg XL 3526x2351px 11.8" x 7.8" @300dpi 4.4MB | jpg MAX 4242x2828px 14.1" x 9.4" @300dpi 6.3MB | jpg TIFF 4987x3325px 16.6" x 11.1" @300dpi 47.4MB | tiff Add to lightboxDOWNLOAD
Banks are adopting biometric technology in customer checks © Dreamstime

Aliya Ram

Jump to comments section

The historic failures of big banks including BNP Paribas and HSBC to comply with international sanctions and anti-money laundering rules ushered in a tougher regulatory regime on customer identification. The fallout from those cases has extended beyond financial penalties: watchdogs have increased pressure on banks to spot malpractice through background checks and monitoring transactions.

These higher expectations, including “know your customer” rules and anti-money laundering regulations, have proved difficult for financial institutions to implement. Most have ramped up investment in compliance, but some have faced potential legal challenges from customers who have had accounts frozen.

As they struggle to cope, a new crop of technology vendors has targeted these financial institutions with software that can identify customers using biometric technology such as facial recognition, and synchronise this information across devices.

Smaller start-ups such as Crosswise, which can help advertisers identify a “map” of the internet-connected devices being used by an individual, and Ping Identity, which sells single sign-on systems, have been snapped up by those attempting to capitalise on this market. Research by Crunchbase, a website that gathers data on start-ups, showed $6bn of deals involved identity management companies in 2016.

“Technological advancements will allow the ‘know your customer’ process to become more standardised and structured,” says Derek Ryan, a partner in Deloitte’s forensic practice. “Intelligent automation, artificial intelligence and machine learning can all now be applied to the process” — which previously involved clients presenting proof of identification in person, for example.

Changing spending habits reflected in online shopping and international travel are driving growth in digital payments, and technology companies argue that their services will become more relevant.

“As people move to the digital realm, the traditional methods of authentication don’t work,” says Rob Harris, vice-president of product management at Fidelity National Information Services (FIS), which supplies services such as payments technology to financial institutions including Barclays, Credit Suisse and PayPal. “Many of the traditional criteria are no longer enough.”

Together with Equifax, the credit scoring agency, FIS in August launched a digital authentication service called OnlyID that uses predictive analytics to detect customer fraud. The system synchronises data from multiple businesses so customers with more than one bank account or online shopping profile can be assessed for anomalous behaviour across different companies. “We need to create identities that operate across businesses,” says Mr Harris.

The new technologies face challenges, however, especially in relation to the EU’s data protection rules that come into force in May. The General Data Protection Regulation, which will restrict how companies collect and store data, will give citizens the right to ask for information to be deleted. Breaching the rules could cost financial institutions up to 4 per cent of global turnover or €20m, whichever is higher.

Confronted by these new rules, banks could become reluctant to collect or share troves of personal information for fear of regulators or private lawsuits. However, some technology companies, such as ForgeRock, have attempted to capitalise on the rules.

Users of platforms underpinned by ForgeRock’s ID management technology, such as HSBC and Nomura, will be able to limit how data can be shared. This means the bank’s customers will be able to select which data are shared with specific third parties and withdraw their consent. “Digital trust depends on data privacy being entwined with fraud protection,” says Nick Caley, vice-president of financial services and regulatory at ForgeRock. “Rules, standards and good governance are now pushing technology innovation to deliver better outcomes.”

However, Andrew Gordon, global leader of fraud investigation and dispute services at EY, the consultancy, thinks much work remains to be done if truly radical technologies are to be introduced: “Simply implementing new technologies is not enough,” he says, adding that the whole process of bringing a customer on board, including the necessary ID checks, should be redesigned to take advantage of the functionalities of new systems.

He points to biometric identification techniques, for example, which allow customers to prove their identity without going into a branch. Likewise, systems could make more use of technologies such as blockchain, which can help banks identify owners of funds or trace their original source, and social biometrics that can parse social networks for information.

Not only will these new technologies transform the process of bringing a customer on board, they will also “save time and money”, Mr Gordon says.

Copyright The Financial Times Limited 2024. All rights reserved.
Reuse this content (opens in new window) CommentsJump to comments section

Follow the topics in this article

Comments