ISO dishes up biometrics standard for banks
The International Organization for Standardization (ISO) has released a standard for the use of biometric authentication at financial institutions but banks are unlikely to invest in the technology.
ISO standard 19092:2008, called Financial services - Biometrics - Security framework, describes a security framework for using biometrics for the authentication of consumers and staff in financial services by fingerprint image, voice identification, eye scan and facial image.
The standard covers the transmission, storage, disposal and security of customers' biometric information by financial institutions.
However, financial institutions in Australia will be unlikely to use the standard for consumer banking, given the adoption of alternative technologies that are cheaper to deploy than biometrics, according to one security analyst.
"The reality here in Australia is that our fraud levels are comparatively low and so the banks struggle to justify the massive expense involved in rolling out snazzy authentication systems," IBRS security analyst James Turner told ZDNet.com.au.
According to the Australian Payments Clearing Association, the rate of card related fraud in Australia remains small compared to other countries such as the UK. Despite a small rise in debit and credit card fraud activity since in the last quarter's report, APCA's fraud figures revealed that nine out of every 100,000 transactions are fraudulent, compared to the UK's rate of 141 for every 100,000 transactions.
"It's cheaper for the banks to reimburse individuals for instances of proven fraud than it is to roll out stronger authentication systems," Turner added.
While fingerprint, facial and eye-scan biometrics are not widely used in Australia, biometric voice authentication has found a home in the Australian insurance industry as a means to verify callers. Voice biometrics has also been touted as a means to allow businesses to use offshore call centres without needing to transfer customer information to countries not covered by Australian privacy law.
Biometric authentication is also becoming popular with law enforcement and government agencies. Recent local deployments include Australia's Department of Immigration and Citizenship and the NSW Police.
Privacy groups however, have raised concerns about the use of biometric information by governments and business. A recent report criticised Australia for the "systematic failure to uphold safeguards" against the abuse of biometric information.