It may be a staple of Hollywood movies, such as Judge Dredd or Minority Report, to use retina-scanning to make the point that the movie is set in the future, or to engender fear in horror movies by having the bad guys remove eyes to get access to retina-scan-locked buildings. But reality is catching up: biometrics are moving mainstream in many industries, where they are used to control access to particular sections of a building or to monitor hours worked. The question is whether biometrics add any value to the life and pensions sector or whether we should consider them a fad that will fade without us spending the time and money to get involved.
The key point about biometrics is that they take all the difficulty out of authentication. With biometrics, the horror movies notwithstanding, one can be certain that the individual requesting the transaction is one who is fully authorised to do so. With authentication of the order being a key issue for everyone involved in financial services, and severe penalties in place for getting it wrong, this would appear to be a major advantage for our industry.
Already in the personal banking world, biometrics are getting used more and more. This is the inevitable result of far more personal financial transactions being authorised via smart-phone apps. Phones are frequently lost or put down and not everyone is completely secure regarding their PIN. Therefore, biometrics have come into vogue as a definitive way of ensuring that the individual accessing the account is somebody who has the authority to do so.
We need to be careful. The first type of this technology available to the masses was fingerprint recognition. It is very secure; however, cases have been reported of people accessing their partner's phone whilst he or she was asleep by holding the sleeping partner's finger on the phone to get it to unlock. This was primarily to check emails and texts for signs of infidelity, but it showed a vulnerability that meant many have become wary of allowing their banking to be totally controlled just by their fingerprint. Voice recognition has also received a knock-back after a twin accessed his brother’s bank account in the UK.
However, other biometric technologies such as retina-scanning do not suffer from the same vulnerabilities and are growing in popularity as the public comes to appreciate the simplicity and effectiveness of this compared to the alternative of making passwords even more complicated. A global report for the BBC found that people in the UK were more in favour of these technologies than in any of the other ten countries surveyed, in particular iris recognition, as a means of securing their financial assets.
This raises questions as to whether the life and pension industry should be examining this area or whether it should leave it to the banks, given the relatively lower level of transactions that happen in life and pensions compared to retail banking. Whilst it is true that life and pensions transactions are significantly lower, perhaps the answer should depend on the level of risk to your company in the event that security is breached, and an unauthorised user gets access to the policy.
Clearly there would be a loss suffered by the individual in the event of a drawdown or surrender being made by an unauthorised user, but even if the unauthorised user just gets access to the information, it would be a severe breach of data protection rules and the company would be liable for very high fines from the regulators along with damages to the individual involved.
Combine this with the ever-growing demand for access to financial information, including policy and pension valuations, by the always-online younger generations and no financial services company can avoid providing tablet and smart-phone access to their information forever. Once they do, security of the information and authentication / authorisation of the users for the range of transactions possible will become a major headache for all life and pension providers.
Biometrics are therefore going to become a key part of all financial companies’ efforts to prevent fraud and protect their own huge store of financial information, information that is always under attack due to its enormous value compared to many other industries. The time to start examining it is now, before far too much of the data is opened up to online services. The simple act of “signing in” is the point at which most accounts are most vulnerable, and it therefore behoves each company to put a lot of effort into ensuring that the gateways into their systems are completely secured and that each individual granted access is properly authorised. Otherwise, a major public security event will happen and the company’s long-standing reputation for financial security will be lost in the blink of an eye.
This article was originally commissioned for Inner Workings, a monthly column written by Tom Murray, in the March 2018 edition of the Actuarial Post.