Barclays is taking the fight to banking fraudsters by announcing the roll-out of finger scanners designed to authenticate corporate users by identifying unique vein patterns in their digits.
The Barclays Biometric Reader uses Hitachi’s Finger Vein Authentication Technology, “VeinID”, to grant customers access to their online accounts and authorize payments without the need for PINs or passwords.
Finger vein scanning technology is said to be more accurate than fingerprint biometrics and VeinID already being used by banks in North America, Europe and Japan for online authentication and in ATMs, Barclays said.
Security is further enhanced as Barclays won’t store users’ vein pattern records, and the scanned finger must be attached to a real person for the veins to be authenticated, the bank added.
The vein pattern information itself is apparently stored on a SIM card inside the device, heading off potential privacy issues.
Barclays Personal and Corporate Banking CEO, Ashok Vaswani, claimed that the technology would be a “game-changer” for UK businesses and consumers.
“This solution is at the leading edge of innovation and is in direct response to client concerns about the threat of online fraud while making our customers’ lives easier through its convenience,” he said in a prepared statement.
“We have shown the technology to a range of businesses and the interest and enthusiasm for the product is tremendous.”
Mark James, a security specialist at ESET, gave the news a cautious welcome but said the technology should be implemented in a “multi-layered” approach.
“If we can work towards achieving a secure environment than we should welcome it with open arms, but we must ensure that every attack vector is protected with continued testing and always looking for ways to improve their ability to store and protect our sensitive data,” he told Infosecurity.
Sestus vice president of products, Toyin Adelakun, cautioned that any biometric data used in such systems must be safeguarded with "stringent and many-layered" security.
"Barclays avoided describing this system as 'foolproof' — unlike in the case of its voiceprint system — but it seems equally confident in the security of this finger vein analysis-based system," he told Infosecurity.
"What is for certain is that the first publicized or high-profile breach will inevitably lead to a major media storm which might have the potential to do more damage to the bank — and its standing in the eyes of its high-net-worth depositors — than the actual breach itself."
VeinID will be rolled out to Barclays corporate customers from 2015 with the possibility of a consumer-wide implementation at some point after that.