Biometrics Takes the Spotlight in Credit Union Branches

Over the last 30 years, biometrics has gone from being a piece of science fiction to mainstream across many platforms, with credit unions now taking advantage of its authentication capabilities in branches and mobile applications.

The practical use of biometrics dates back to the 14th century, when Chinese merchants used ink-stamped palm and foot prints to distinguish children. In the 1880s, Parisian anthropologist Alphonse Bertillon developed a method of identification through multiple body measurements, which enjoyed a run as a forensics tool, but due to measurement flaws fingerprinting supplanted the Bertillon technique as the primary biometrics method.

Today, many unique human characteristics can be used to authenticate individuals, such as fingerprints, voices, speech, faces, irises, retinas, hand geometry, facial thermography, keystroke dynamics, gait, body odor, veins, foot and palm prints, handwriting (or signatures) and even  tongues (the “say ah” method).

The Brookfield, Wis.-based Fiserv’s Verifast Palm Authentication technology utilizes Fujitsu palm vein biometrics to improve security and operational efficiency. The technology, which captures some five million reference points of biometric data, eliminates the need for other identification methods.

Fiserv couples palm vein biometrics with a Fujitsu tablet, which allows credit unions to quickly ID members when they hover their hands over an infrared sensing device. Enrollment takes about 50 seconds and authentication takes less than a second.

“We are taking pictures of blood flowing beneath the skin. Then we are converting that into a biometric template unique to that person – not even twins have the same pattern,” Dave Reim, director of product management, Open Solutions for Fiserv, said, adding it employs liveness detection. “So, you must be alive to authenticate.” No walking dead allowed.

For employee identification, Verifast eliminates multiple credentials staff needs to access various programs by authenticating them through palm vein biometrics. Staff members use a mouse equipped with a reader that detects their vein pattern.

Reim noted palm vein authentication – available in most of Fiserv’s credit union core systems including Galaxy, Spectrum, DataSafe, Portico, XP2 and DNA – is also gaining traction in intelligent teller machines, which are a part of many branch transformation strategies as well as drive-ups, vault authentication and safe-deposit boxes.

One institution about to roll out Verifast Palm Authentication is the $95 million, Huntsville, Texas-based Community Service Credit Union.

The credit union jumped at the chance to install palm vein technology to improve security and member experience when it learned last fall that Fiserv was seeking Beta sites, particularly for its Galaxy core, which Community Service uses in an ASP version. By the end of 2017, the organization closed a deal to launch employee and member palm vein authentication.

Community Service, which has already installed the biometrics technology, has been busy prepping, piloting and spreading the word about the new technology prior to its intended launch around July 4. “By the time we go into production mode, our members are going to be fighting to get enrolled. That is the kind of atmosphere we want to create for this,” Community Service CFO Patsy Lindamood said.

Lindamood said the credit union started the process with employees so they could help sell it to the members. “That is the absolute linchpin of making us successful.”

Adding palm vein biometrics fell in line with the credit union’s recent technology metamorphosis. “We’ve done a lot in the last five years,” Lindamood said. That included overhauling its debit card platform and adding ATM deposit automation; self-service, IoT-enabled ATM pods inside branches; mobile banking and remote deposit capture; bill pay and CardValet, a Fiserv card management tool. “Most of my knuckles are pretty bloody because of that forward movement with technology,” she added.

The $1.95 billion, Richland, Wash.-based Gesa Credit Union employed the Verifast palm technology to reduce identity fraud, shrink transaction times and improve overall branch service.

Gesa won two awards for pioneering the use of biometrics in its branches. “We were the first ones to pilot this whole application and the process,” Raj Bandaru, Gesa’s chief information officer, chief information security officer and COO, said. He added like any Beta or pilot program, Gesa getting it just right was a trial and error process. “We’ve been through several iterations.”

This included a pilot rollout to eight branches, where one teller line per branch was converted over a six- to nine-month period. Gesa intends to officially roll out palm vein biometrics to its entire 18-branch network by the end of June, with most locations receiving two authentication readers and the busiest branches installing them across the entire teller line. “From an operational standpoint, it is shaving at least a minute per member for each teller engagement,” Bandaru noted.

Bandaru noted most members love the technology for its speed. “They are not engaged in a dialogue with a teller, who’s trying to authenticate them with a driver’s license, account or membership number, which they may or may not possess when they walk into a branch.” However, there is a tiny percentage of members still scared to try it, he said.

Gesa’s game plan is to eventually incorporate palm vein biometrics into its branch transformation to self-service. “We’re in the process of doing a Beta program with Diebold and Fiserv and continuing to look at other products to integrate the palm vein authentication,” Bandaru said.

Biometric verification is clearly becoming more common in consumer devices, security systems and ATM/point-of-sale apps, but its use as an authentication method in mobile banking and payments technology has helped it gain momentum.

The $3.3 billion, Portsmouth, N.H.-based Service Credit Union, originally founded at Pease Air Force base (now a National Guard base), uses biometrics internally and externally. The credit union, a hybrid community-based institution, consists of 230,000 members either living or working in the Granite State or as personnel on military bases; it runs 36 branches in New Hampshire, Massachusetts and North Dakota, and 14 branches in Germany.

In terms of technology, Service CU is progressive. “I would not say we are first, but we are in the first round. We’d like to make sure the technology is actually working before we turn it on,” Service CU COO Dan Clarke said.

“Going back to the mid-’90s, we were one of the first credit unions with an online presence,” Clarke recalled. The credit union offers a standard complement of Apple and Android apps for phones and tablets as well as desktop banking. It also offers Apple Pay, Samsung Pay and tokenization for cards. Clarke noted it was one of the first American credit unions to have EMV-enabled cards, mainly because of its membership base in Europe, which required EMV well before the U.S.

The credit union uses fingerprint authentication for all its work station computers through Digital Persona. “Instead of knowing a 47-character password you just use your fingerprint to log in. That is very helpful to all our staff,” Clarke said.

Externally, Service CU uses biometrics for its mobile banking through Apple Touch ID and Android Fingerprint ID, built through NCR, the credit union’s provider for desktop and mobile banking.

Because of the growing relevance of mobile banking, especially due its remote membership, biometric authentication became important to Service CU. “Mobile technology far exceeded desktop as the primary device for our members,” Clarke stated. “We were one of the first ones to use Touch ID. You’re saving our members a whole lot of time.”

Today, its members anticipate biometrics, he noted. “Originally when we started the process of adding Touch ID or Fingerprint ID it was more of a gee whiz technology – ‘Oh, this is cool. I don’t have to enter a password.’ Now it is more of an expected thing.”