As biometrics transitions from science fiction to reality, the financial services industry appears ready to embrace it as a mainstream means of authentication – for everything from mobile payment platforms to core processing systems.
According to the London-based firm Goode Intelligence, by the end of this year, some 450 million financial institution customers globally will use biometrics, which will also be the principal banking authentication method by 2020.
The Brookfield, Wis.-based core processor Fiserv, for instance, recently integrated palm vein biometrics technology into its DNA account processing platform, which will initially facilitate authentication for activities such as withdrawing funds or accessing a safety deposit box.
Strong authentication mechanisms including biometrics are difficult to implement into financial enterprise systems, but the New York City-based biometrics-as-a-service provider HYPR is claiming to make it easier with its biometrics security software development kit.
HYPR's Biometrics SDK provides a device-agnostic platform that enables enterprises to implement biometric authentication through any application. Instead of replacing a company's authentication scheme, HYPR adds biometric authentication compatibility to an existing infrastructure, allowing users to authenticate using fingerprint, facial or voice recognition on biometric devices. The product includes mobile and desktop client libraries, as well as server-side software, to facilitate biometric tokenization.
The HYPR platform also allows users to authenticate without transmitting biometric data – rather than storing user data on a centralized server, the product keeps the data securely offline.
While earlier biometric processes verified individuals using a one-to-many authentication approach, today's method matches a user's biometric data against about a million other templates, George Avetisov, CEO of HYPR, explained.
"What has changed is that we have shifted to a one-to-one matching approach, whereby when someone puts their finger or face to a phone, it is not checking it against everyone else's biometric, it is checking it against yours," he said.
Recently, HYPR announced the general availability of Biometric Tokenization SDK for third-party integration, which contains the client and server code necessary to implement biometric authentication for any type of authentication available on a user's device. Its tokenization protocol eliminates the risk of storing biometric data online.
For example, with the third-party integration, a credit union can run the HYPR server-side code with the appropriate code also implemented in an app on the user's device. Then, when the user logs in to the credit union's app using the phone's fingerprint reader, he or she is not authenticating through the phone itself, Avetisov said. Rather, the user is signing a cryptographic challenge that the credit union has sent through the app for the user to sign, by way of his or her fingerprint.
HYPR's SDK is currently being deployed by a number of financial institutions for uses ranging from internal employee authentication to consumer-facing mobile apps.
"Right now the most traction we are seeing for the technology is from the banking sector," Avetisov said. "Everybody is looking to utilize biometric authentication."
Another company helping organizations incorporate biometrics is the Israel-based BioCatch, which has three new patents that extend its ability to authenticate PC and mobile device users through cloud-based behavioral biometrics.
The BioCatch patents allow developers to authenticate users through various physiological factors, including palm size, press size, hand tremors and eye-hand coordination, as well as behavioral factors, such as touch and measurements taken by the phone's accelerometer (a component that measures tilt and motion).
"Method and device for confirming computer end-user identity" is the patent name for BioCatch's "Invisible Challenges," a group of hidden tests that evaluate a person's response to a variety of on-screen cues. By processing those responses, BioCatch identifies a unique cognitive signature that, it says, cannot be imitated, lost or stolen.
A second patent, "System, device and method of detecting identity of a user of a mobile electronic device," revealed in February 2015, is device-based and allows touch and the phone's accelerometer to authenticate mobile device users. This patent extends protection to the cloud, enabling every app developer to implement BioCatch's technology.
"The granting of these important patents underscore BioCatch's commitment to providing our customers with an unmatched technology platform to help them best combat fraud," Avi Turgeman, chief technology officer and founder of BioCatch, said.
He added, "The longer the user is online, the stronger his biometric signature. It is important to mention that we do not know who the user is. We simply get an encrypted number from the financial institution, and no personal data is kept."
BioCatch extracts around 500 different parameters as well as usage preferences and interaction patterns. Behavioral biometric technology creates a biometric profile for any user and later compares it with online behavior to validate the user's identity, Turgeman maintained. The technology also detects human versus robotic activity and the presence of malware in real-time.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.