Barclays is ramping up its fight against online fraud with the roll-out of a biometric scanner that uses Hitachi’s Finger Vein Authentication Technology (VeinID).
Unlike fingerprints, vein patterns are extremely difficult to spoof or replicate. Barclays Biometric Reader will allow customers secure access to their online banking accounts by simply scanning their finger using the device.
The compact device can read and verify the users’ unique vein patterns in the finger, helping to combat identity fraud that become a growing problem for businesses both in the UK and overseas over recent years.
The technology will initially be available to Barclays Corporate Banking clients from 2015. Corporate banking customers will be able to authorise payments within seconds, without the need for PIN, passwords or authentication codes.
The scanned finger must be attached to a live human body in order for the veins in the finger to match the correct pattern, we're told. Barclays will not hold the user’s vein pattern and there will be no public record of it – instead the pattern is stored encrypted on a SIM card that must be inserted into the reader.
Hitachi’s VeinID is already used by banks for password replacement, single sign-on and ATM machines in Japan, North America and Europe. However, the combination of vein biometric and digital signature technology in the Barclays Biometric Reader for online banking is claimed by Barclays as a financial sector first.
El Reg has covered Hitachi’s VeinID biometrics in the past. Hitachi reckons vein pattern-based authentication can offer higher accuracy rates than finger print recognition, with the added benefits that unlike fingerprints, vein patterns are extremely difficult to spoof or replicate.
The technology seems like a well-thought out means to protect corporate banking accounts which and indisputably a target for cybercriminals.
The use of a vein-based biometric offers a better potential for a secure systems than fingerprint-based biometrics without imposing any additional inconvenience for users. Security researchers have for many years uncovered security weaknesses in fingerprint-based biometrics, most famously using Gummi Bears to defeat sensors way back in 2002. Fingerprint technology has improved over the years but even so vein-based biometrics may still offer advantages.
"At the very least, people don't tend to leave a copy of their vein-pattern on random surfaces they touch. So, there's that," Sean Sullivan, a security advisor at security software firm F-Secure told El Reg.
Professor Mike Jackson from Birmingham City University’s Business School praised Barclay's use of finger vein technology, as it's more reliable than fingerprint biometrics, we're told.
"The most well-known biometric method is fingerprint recognition which can be implemented very cheaply. It’s reasonably accurate and fast, however, it’s open to forgery and fingerprints can deteriorate over time," Prof Jackson said.
"Finger vein technology is definitely the way forward as it can be quickly and accurately recognised. It’s also resistant to forgery because veins are located inside the body rather than on the surface. Finger vein patterns even differ between identical twins and don’t alter as you get older," he added.
Barclays suggested there may be a potential to roll out vein pattern-based biometric technology to consumers at some point, but the bank made no firm commitment on this front.
The launch of the Barclays Biometric Reader follows on from the introduction of voice biometrics for its Barclays Wealth customers to identify themselves on phone calls, removing the need for passwords or security questions. ®