[Dave Birch] I was looking something up and came across a post that I'd made about a report from TNS Global on the "New Future in Store" and I noticed that of a list of new technologies that they interviewed the European public about, fingerprint payments were rated top. This struck me as incongruous, given the commercial failure of fingerprint technology-based payment systems at POS, including in Europe.

Albert Heijn has currently decided not to follow up on the trial, citing ‘security issues and vulnerability to fraud’. The participants however were enthusiastic about the payment method and applauded the fact that they could complete their purchases without needing their debit cards, cash or loyalty cards.

[From The Paypers. Insights in payments.]

There was a similar trial in the UK, with the Co-Op, that was similarly discontinued. That's not to say that biometrics are of no interest to retailers, because there are some process that can be greatly be improved through the use of the technology.

The Co-operative Group is to use fingerprinting machines to track staff hours. The society plans to install biometric data collection terminals in its food stores over the next two years to record the working hours of its 55,000 staff.

[From thegrocer.co.uk | Articles]

This illustrates a general point from my talk at Biometrics 2009, which is that the commercial payback on biometrics as part of an overall identity management strategy looks much better when it comes to "staff" applications rather than "customer" applications. That's not to say that biometrics will not become a customer choice in the future.

They will, but as we already know, insofar as consumers do think about biometrics, it is about convenience, not security. But I'm fascinated by paleo-future at the moment, so I wonder if it is just a question of familiarity. The public think about biometrics as fingerprints, basically. So they're not saying that they want to see fingerprints at POS but that they want to see biometrics at POS and they only tick "fingerprints" because that's how they visualise the future of biometrics. I don't think that this is much of a guide, because there are much better and more useful biometrics coming on stream.

National Australia Bank (NAB) has introduced biometric voice verification for its telephone banking customers. Following an internal pilot involving 2000 branch staff in May, the speech security function is now available to NAB's 3.3 million personal banking customers. Customers calling the bank's contact centre can now register their voice pattern, which NAB says is harder to steal than a password or PIN, improving authentication.

[From Finextra: NAB introduces voice biometrics for phone banking]

As an aside, there's another reason why financial services organisations ought to be keen on moving the customer interface over to voice. Voice prints can tell you more than whether someone is who they say they are, and more than what they are saying.

The [Department of Work & Pensions, DWP] is conducting its own research into the efficacy of Voice Risk Analysis based on trials by local authorities and Jobcentre Plus... Departmental statisticians have completed an evaluation of the data from six trials in local authorities and one by Jobcentre Plus. The pilots included reviews of existing housing benefit claims in local authorities or consortia of local authorities and new claims to income support and job seeker's allowance in Jobcentre Plus... In each trial customers provided information to support their claim over the telephone and staff used Voice Risk Analysis technology to help classify the call as high or low risk. A selection of customers from both groups was followed up with a face-to-face review that aimed to corroborate the operator's judgment by seeing whether this further investigation revealed changes that would have affected the benefit in payment.

[From Voice Risk Analysis: 11 Mar 2009: Written Ministerial Statements (TheyWorkForYou.com)]

So what is happening is that people applying for welfare benefits are having their voices analysed for stress (in real time) to see if they are lying about their claims. I may be interpreting the figures incorrectly, but they seem to show that about a third of the "high risk" applicants were caught lying, although it's not clear from the figures what exactly was going on (the figures only talk about benefit "changes" following further investigation.

Can you see an integrated solution forming? You call the bank to, say, report a card stolen. You get through to computer uses voice recognition to understand what you're saying, voice authentication to check that you are the card's rightful owner and voice risk analysis to make sure that you're not lying. You have to admit, that's a pretty efficient operation. The call-centre in Bangalore can be shut down and replaced by a few racks in a data centre. OK, pretty compelling. But what about moving the technology out of the office and down to the point of sale? I suppose that three or four years ago I would have seen this as being sometime in the more distant future, because I assumed that chip and PIN would be a long term solution with an associated long term migration strategy through 2FA (token plus password or PIN) to 3FA (token plus biometric plus password or PIN). But now I"m beginning to wonder if biometrics might be a little closer, mainly because of the cost of deploying chip and PIN into markets of diminishing marginal return on the fraud business case and the energising synergy between the mobile channel and voice recognition, authentication and analysis.

In the past 12 months, more than eight million adults have given their chip and pin details to someone else to make a purchase on their behalf or get money from a cash machine for them and a quarter (24%) of those people have then fallen victim to fraud, according to research from Liverpool Victoria, a UK-based financial institution... The worst offenders of giving out PINs are those under 35, with 36% admitting they have asked someone else to use one of their cards.

[From SecureIDNews | Survey: Brits giving up PINs]

Come on, we've all done it. I've used my wife's ATM card when I can't find mine and vice versa and the foreign currency prepaid cards we have in our family are all set to the same PIN so that we can all use them. It strikes me that one of the drawbacks to biometrics is that we won't be able to do this any more, so unless biometrics get rid of cards completely, we'll go through a period of utter annoyance. Perhaps a better migration strategy is not via chip and PIN but around it to phone plus voice.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

authentication, biometrics, mobile, retail, security, technology