NatWest Bank is developing behavioural biometrics technology which could soon replace conventional passwords.
Behavioural biometrics analyse the unique ways customers interact with their devices when making online purchases – helping to verify the identity of a payee to ensure it’s actually the cardholder who’s authorising the payment.
NatWest’s roll-out of the technology starts next year when finance industry regulators will enforce strong Customer Authentication (SCA) across Europe because SCA is an essential requirement of the latest European Union regulations governing electronic payment services.
In the EU’s own words: “As electronic remote payment transactions are subject to a higher risk of fraud, it is necessary to introduce additional requirements for the strong customer authentication of such transactions, ensuring that the elements dynamically link the transaction to an amount and a payee specified by the payer when initiating the transaction.”
Although the UK isn’t part of the EU anymore, this is one of the regulations British banks and other payment services providers will still adhere to because the EU remains a significant trading partner and online payment services such as Visa and Mastercard are international.
NatWest says it will be the first bank to use behavioural biometrics specifically for complying with SCA. The bank goes further in stating that it plans for the technology to replace passwords altogether.
This is just another planned milestone by NatWest in an ongoing biometrics journey. It was one of the first to launch a biometric-enabled debit card trial, where customers were able to use their fingerprint when paying for goods worth more than £30. It was forced to withdraw the biometric support for its app on Samsung Galaxy S10s after reports of a glitch in the fingerprint sensor, but the bank is now testing out biometric fingerprint technology with debit and credit cards which will allow payments of up to £100 to be verified using a fingerprint instead of a PIN.
The behavioural biometrics planned for next year is a customised version of the technology developed by Visa and Visa intends to offer behavioural biometrics to all its partners using its end-to-end authentication solution VCAS. So UK businesses will need to plan for dealing with this kind of technology in their daily transactions with customers and suppliers.
Gary Jowett, from Computer & Network Consultants (CNC) in Brighton, said: “One of the disadvantages of passwords has always been users’ failure to use strong enough combinations and change passwords regularly. While most online payment systems already use multifactor authentication, the threat from cyber hackers is ever-evolving. Likely, cybercriminals are already finding ways to breach the multifactor security currently being used. Which is why behavioural biometrics will probably be an important component in most online payment services in the future.”