For the third time, information from customers at a global Italian banking service has been leaked, pushing the need for the financial sector to have more urgency in using passwordless and biometric authentication.
UniCredit says that 3 million people were affected in the recent breach, but previously, hackers also accessed data that affected 400,000 customers in both September and October 2016.
Bringing in a safer approach
It’s thought that in financial organisations, 81% of data breaches come from compromised passwords and so, firms are now being urged to undertake more strategic biometric approaches to authenticate customers. Its hoped this will push banks to move forward in a digital age.
To adapt to the rapidly moving changes within cybersecurity, more organisations are starting to realise that mobile-first strategies, along with using biometrics, helps build a higher level of security as well as better customer experiences.
Jason Tooley, Chief Revenue Officer at Veridium comments: “Eliminating the password from user authentication is more easily achieved with the adoption of a multi-factor approach using a combination of possession, biometrics and artificial intelligence. However, to view solely biometric authentication in isolation is myopic and overlooks the wider opportunity. The role of biometrics is not to just replace passwords, but to create a verifiable Digital ID that businesses and governments can use to improve user experience, productivity, and security.”
Using biometrics correctly
Experts believe that using passwordless user experiences in the financial sector offers high levels of safety and helps reduce phishing and cyber breaches.
The Chief Revenue Officer adds that for this to work, however, firms need to ensure that they are using biometrics correctly. He says: “The native biometrics used by many organisations are not secure enough in isolation and replay passwords, defeating the object of transitioning to passwordless. Native biometrics were designed for ease of access and convenience rather than multi-factor authentication using digital ID. Organisations will see the greatest value in incorporating a multi-factor approach that includes cutting edge behavioural biometrics, adding quality and strength through intelligence such as location and unique mannerisms.”
Tooley continues: “Organisations who point to security breaches as a reason to avoid biometrics should look at innovation associated with encrypting the biometric data with techniques such as sharding or visual cryptography, which renders the sensitive biometric data unusable to the hacker. These concerns are to do with storage decisions, not the technology itself.”