Back in May I asked elsewhere whether your veins could provide an alternative means of verifying your identity at the cash point.
I concluded that, on the whole, the idea was sound though not entirely infallible.
Sure, the risk of having your fingers cut off by a cash thief were slim (assuming the thief realised that blood flow was a necessary element of the authenticating process), but hackers would not necessarily be completely flummoxed by new technology, as demonstrated by Barnaby Jack’s famous ‘jackpotting’ demonstration.
Indeed, in some countries such as Poland and Japan, the new technology has been in place for some time now so it is not surprising to me to learn that Barclays now plan to implement finger vein technology for some UK customers.
From next year corporate customers will be able to use Hitachi technology to access not their ATMs but their online bank accounts without a password, authentication code or chip and PIN reader.
The news has been welcomed by ex-head of payment security at Barclaycard Neira Jones, Independent Advisor & International Speaker – payments, risk, cybercrime, & digital innovation, who told me:
“It is not surprising that Barclays is looking to support innovative technologies for the authentication of corporate customers. This has traditionally been a space where particularly stringent (and often proprietary) technologies (e.g. hardware tokens) have been used to ensure the security and non-repudiation aspects of the transaction types associated with that customer segment. The use of biometrics is certainly a welcome one in that space and will definitely improve the customer experience as well as the safety of transactions.”
Adopters of Barclay’s chip and vein will merely need to place their finger in a scanner that connects to a PC via a USB cable. An infrared light then scans the inserted digit for blood vessels which are then compared to a registered sample that has previously been stored on a smart card.
The scanner itself will be usable by more than one person but each user will need to have their sample data saved on their own card which will be added to the reader at the time of use. To set the card up, Barclays requires one digit to be registered, which it suggests should be the index finger. It also suggests registering a second finger as a backup which, presumably, is a fail-safe for the absent minded who lose the first one.
Michael Mueller, managing director, head of cash management of Barclays Corporate Banking said:
“Typically when you upgrade security you increase complexity. It’s so simple it doesn’t wow anyone, it’s just a very simple and also intuitive process for the customer. I think it opens up a whole range of opportunities for this, but also beyond this, and that is why we are so excited about using biometrics.”
Talking of simple solutions, the bank hasn’t completely ruled out the use of fingerprint scanners in the future either. Such technology is widely available on smartphones these days but isn’t that secure (think gelatin sweets), but Mueller suggested it may have a role to play in applications that require less stringent security.
Do you think this new implementation of biometrics is sound? Let us know via the comments.