As an increasing amount of personal information is being stored digitally, the conflict between security and privacy is definitely ramping up. Data breaches, leak of personal user data and intrusive targeted advertising, have made consumers more privacy-conscious about their data. At the same time, biometric-based technologies such as fingerprint readers and facial scanners are encouraging users to give up even more privacy, in exchange for greater security and convenience.
How Security and Privacy Conscious are Your Users?
Online banking services gather users’ personal identifiable information (PII) such as name, address, email, phone number, ID number etc. for verification purposes and in order to keep their accounts highly protected and their data far from the hands of a cybercriminal. As explained by Jenifer Valdivia, Global Marketing Program Manager at Jumio, "security, especially the fear of fraud, is a top online and mobile banking concern among consumers of all generations." She continues by saying, "consumers will not understand the technology their bank is using, but need to feel confident that behind the easy user experience their financial data is protected."
Although users definitely want control over their privacy, most believe that online fraud is ultimately inevitable. Oscar Nieboer, Chief Marketing Officer at Paysafe Group, states that "most [online retail] websites are optimized, the checkout process is increasingly simple, and delivery is getting quicker. In turn, more consumers are telling us they are accepting a level of fraud for this convenience."
So indeed, it’s a vicious cycle of sorts.
Authentication methods require providing personal information in exchange for reduced friction for the customer – without compromising security. High-security applications such as banking apps, password vaults, and lock screens, rely heavily on fingerprints for user authentication. In fact, methods, such as fingerprint scanners, are becoming more commonplace, with ⅓ of British consumers using them to authenticate payments. With a fingerprint scanner, authentication is based on something you have (a fingerprint) rather than something you know (a password).
But how do consumers actually feel about sharing this kind of personal data? Initially, consumers were wary of fingerprints. The iPhone 5s's fingerprint recognition system – Touch ID – sparked a public debate on whether storing fingerprint readings on a mobile device puts consumers at risk. Over time, consumers began to recognize the value and convenience, in exchanging their fingerprints for greater security, and today, 2 out of every 3 smartphones has a fingerprint sensor. However, users are also more aware of the risks and vulnerabilities involved in cases of static biometric data such as fingerprints or face scans, being stolen or bypassed.
Dynamic Biometrics: The Winning Solution for Balancing Privacy and Security
What can replace PII? Customers data that is less personal, but is still unique - Dynamic biometrics.
Dynamic biometrics track a number of measurements over time to create a complex, user-specific profile. Unlike static biometrics, dynamic biometrics factor in multiple variables, making it much harder to replicate without requiring sensitive personal information. When used with behavioral biometrics, these measurements include swiping gestures, typing speed and rhythm, finger length and more. This makes dynamic biometric measures harder to bypass, providing greater security to users without requiring them to place their PII at risk. The combination of stronger security, lower risk, and less private information, will likely make dynamic biometrics far more appealing to users than facial scans or fingerprints.
Bridging The Gap - Security and Privacy
The security vs. privacy debate is far from simple, and it’s anything but static. Users are willing to share personal information if it leads to greater security, especially when it comes to protecting their finances. But they are also willing to give up on security if it leads to greater convenience.
Mobile banking and shopping apps should offer a great user experience, but they must ensure that customer data is both secure and inaccessible to threat actors. Static biometrics may have worked in the past, but today the threats are too sophisticated. Behavioral biometrics offers a much more convenient and secure solution, allowing banks to balance security and privacy.