Unquestionably, Online Banking has profoundly changed day-to-day money management, enabling most transactions to occur without actually going to the bank. Moreover, the industry is taking security and convenience to the next level by allowing face recognition online banking.
Most people could do without remembering unnatural passwords with numbers and special characters or cumbersome second-factor authentication schemes, such as responding to emails or entering one-time passwords.
Face recognition technology has the potential to provide frictionless, convenient and faster sign-ins. As a result, bank customers wouldn’t have to remember or enter anything and only show their faces to the camera.
Until recently, face recognition online banking would have been considered something out of a Mission Impossible movie. Yet, the development of face recognition-capable smartphones and computers placed this advanced tech at the fingertips of just everyone.
Many national banks in the USA, such as Bank of America, Chase, Citibank and Wells Fargo, have already implemented face recognition mobile banking apps. Still, there are plenty of opportunities to promote and develop new projects since banks worldwide are yet to adopt the technology.
This post will discuss how face recognition works, where the technology fits in the online banking workflow, some security and privacy concerns and what technology decisions banks need to make.
In this article:
How Face Recognition Works?
Think for a moment about how people recognize their friends, family or coworker’s faces. It is by familiarizing themselves with their facial features, eyes, nose, mouth, and how they combine.
That’s not very different from how facial recognition technology operates but on a grand, mathematical scale. Computer systems scan faces from live cameras, photographs, or video and then build a detailed map of the face.
Machines don’t perceive faces; instead, they read those face maps, making comparisons to determine matches.
The actions followed by most face recognition systems are:
- They capture your face using a camera, photo image or video.
- The facial recognition software reads your face and builds a mathematical representation, utilizing many different facial features, like the distance between the eyes and the forehead to the chin. This detailed map becomes your unique facial signature.
- Later, when you are signing on to a Bank application, it captures your face and compares it with your stored facial signature. If there is a match, it grants you access.
Face recognition technology entails many benefits, such as fast and non-invasive identity verification.
Nevertheless, it also has its share of detractors that point out face recognition disadvantages. According to critics, it is detrimental to individual privacy; data breaches could occur and is not sufficiently reliable.
Where Face Recognition Fits in the Online Banking Workflow?
When taking on a face recognition online banking project, you need to understand where the technology fits the online banking processes.
Face recognition technology serves authentication purposes. The bank verifies that you are the owner of the accounts and grants you access to the system. Therefore, any point at which the system checks identity can integrate face recognition.
The following illustration shows a simplified online banking workflow. The green boxes represent where identity verifications occur.
Face Recognition Online Banking Sign-In
The most obvious place for considering face recognition in online banking is for sign-in purposes. So, instead of entering your password, you could access the system by showing your face to the smartphone or PC camera.
Every once in a while, customers will forget their passwords, requiring them to reset them via one-time codes sent via text messages or email. Consequently, face recognition at sign-in is a lot faster than entering your password.
Face Recognition on Unusual Sign-Ins
Most banks require a second-factor authentication when customers attempt a sign in from a new device or an unusual geographical location. In most cases, the system uses a challenge question or a one-time password.
Face recognition would provide faster, more convenient means. Users would not have to remember the challenge question answer, receive or enter a token.
Face Recognition to Make Sensitive Transactions
Most banks also require a second-factor authentication when customers make sensitive transactions, such as configuring a new frequent transfer recipient. Also, banks often require authentication when making money transfers above specified amounts.
In these circumstances, the bank system usually requires a one-time password, entering the debit card PIN or both.
Again, face recognition offers a faster, more convenient way of authenticating money transfers.
Face Recognition to Change Contact Information and Security Settings
Generally, online banking systems put a password wall to enter or change phone numbers, emails, addresses, security settings and more.
Face recognition offers a way to authenticate access to those functions easily.
Can Face Recognition Completely Replace Other Authentication Methods in Online Banking?
You might think that face recognition could make one-time passwords sent by text or email disappear entirely. Don’t arrive at such conclusions too quickly.
New regulations have established that face recognition alone is still not secure enough for mobile banking. For instance, Europe’s Payment Services Directive promulgated in 2019 requires banks to use two-factor security even for basic things like logging into an account.
Under the Payment Services Directive, basic features like viewing your account require just one factor (in that case, the one applied at sign-in). However, online transactions over specific values must be two-factor authenticated. While the Payment Services Directive jurisdiction is limited to Europe, the rest of the world’s trend is also to increase mobile banking security requirements further.
Face recognition still counts as one factor. Therefore, banks must supplement it with a password, a token (one-time password) texted to the account holder or another method.
For more convenience, banks can give their customers options. For instance, the user could choose face recognition as the first factor (for online banking login) and a second factor (a token) for transfers and configuration changes. On the other hand, the customer could still use a password as the first factor and then use face recognition as the second factor.
Security and Privacy Concerns
A recurring problem with online banking sign-ins is password data breaches. Firstly, users can easily share passwords and lose control over them. Secondly, hackers can breach databases to steal them or use social engineering to guess them.
An advantage of face recognition authentication is that it doesn’t depend on the person’s face necessarily being secret. Nevertheless, as fraudsters might attempt to use a photo or video to impersonate the bank customer, there are security concerns. Still, if the online banking system employs anti-spoofing and liveness detection, this is virtually impossible.
“Anti-spoof technology and Liveness Detection are two techniques used in biometric security for online banking,” Says Sam Bakken from OneSpan, a digital identity and anti-fraud technology company based in Chicago. These technologies prevent “presentation attacks,” in which a fraudster attempts to fool the system using photos or masks.
On the privacy side, bank customers could be concerned about the misuse of their face data. For example, if banks share customer’s face data with other companies to give them the ability to recognize them in different settings. Banks need to implement privacy policies and procedures that prevent that from happening to counteract these concerns, keeping customer face data secure. Also, face recognition authentication should be optional and not mandatory, asking users to give their consent.
How to Implement Face Recognition Online Banking
A crucial factor to consider when taking face recognition online banking projects is which service channels to serve first, including web and mobile banking. Another critical decision is using Application Program Interfaces (APIs) from big tech companies that dominate the smartphone and PC space or developing proprietary technology.
Web or Face Recognition Mobile Banking
Most banks’ main online channels used to be web browser applications, which users can access from their personal computers and mobile phone web browsers, such as Chrome, Firefox, Internet Explorer, Safari, Opera and others.
However, with the smartphones’ arrival, developing native applications that leverage mobile device functionality became possible. As a result, banks rushed to create apps for iPhone and Android users.
iPhone and Android banking applications are better than web browser software because they are closely integrated with the device’s operating system. Developers can make online banking applications faster and better manage the visuals on the smartphone’s limited-size screen.
Another crucial decision for the face recognition online banking project is to first integrate this new authentication method for a subset of customers, such as iPhone users, or in all mediums at once. The technology for the three channels, Web / PC, iPhones and Android, are dissimilar and each requires projects of their own.
Operating Systems API or in-House Apps
Another significant decision in a face recognition banking project is whether to use external APIs or develop the face recognition capability in-house.
A few years back, the latter would be the only option, as there were no third-party face recognition Apps available. However, as the smartphone market and technology developed, the big tech companies behind the two dominant mobile phone operating systems, Apple and Google, integrated face recognition functionality into their newer devices.
Apple Face ID allows iPhone users to unlock their phones using facial recognition. Moreover, Apple offers an API that puts that functionality in the hands of Apple app developers. As a result, mobile banking application developers can reutilize the Apple Face ID API without developing any new software.
Also, Google developed its “Face Unlock” technology for its Android Pixel 4 and Pixel 4 XL newer mobile devices.
Moreover, with Windows 10, Microsoft joined the face recognition frenzy, launching “Windows Hello,” allowing newer PCs to authenticate via face.
Advantages of using operating systems APIs
The availability of operating system face recognition functionality is a significant factor to consider in face recognition projects. When a bank integrates Apple “Face ID,” Google “Face Unlock” and “Windows Hello,” they can cover most users without significant investments.
With operating system face recognition APIS, the development team can leverage functionality already developed and tested by tech giants such as Apple, Microsoft and Google, the product of millions of dollars in investments.
The alternative would be for banks to develop and test their technology, which doesn’t make sense if third-party products are available at no cost. However, banks must also consider that reusing software has its disadvantages. It effectively puts security in someone else’s hands, with regulatory and liability implications in case of breaches and customer money loss.
Who Has Launched Facial Recognition Banking Apps?
Banks like HSBC, Chase, Citibank, Bank of America and Wells Fargo have already developed face recognition online banking Apps.
Bank of America App Face ID
Bank of America implemented facial recognition login on its iOS native App, using the Apple Face ID system. Face ID is only available for the iPhone X, X, XS, XS Max, XR, 11, 11 Pro, 11 Pro Max, 12 Mini, 12, 12 Pro, 12 Pro Max, iPad Pro or newer models. Older iOS devices don’t have Face ID incorporated.
It is essential to consider that if you register multiple Face ID profiles on a single device, all those people can access your bank account. Therefore, it is good to stick to one person’s stored biometrics per device (fingerprints and faces).
Furthermore, Bank of America updated its Android online banking app to support “Face Unlock.” A Google-developed system for its Pixel 4 smartphone. As vendors enable Face Unlock on their newer devices, the Face login user covered is expected to expand.
Facial Recognition HSBC
HSBC has also enabled Face ID for its iPhone X or above devices using its iOS native App. Users can enroll by accessing their profile in the App. HSBC recommends allowing Face ID only if you’re the only person who has registered a face to your device.
Face recognition online banking is only available for iOS at the time of this publication. Android users can only use fingerprint authentication, but no Face Login as of yet.
Chase Face Recognition
Chase Bank introduced Apple Face ID to their mobile banking apps for iOS devices in November 2017.
Furthermore, they started rolling out Face Unlock to their Android app users. However, although the rollout began in June 2020, it was only for a select number of users (not all at once). Since then, Chase has been slowly rolling out this new feature.
Citibank Face Recognition
The Citi Mobile App also supports Apple Face ID for the iOS version of the App. Moreover, Android Central reports that the Android version supports Face Unlock if you have a Pixel 4 device.
Wells Fargo Face Recognition
Wells Fargo Mobile iOS version also features Apple Face ID for signing on. It automatically prompts when logging into the App when the user enables the feature on the phone settings. If the prompt doesn’t show up, the user can click on the link below the main screen.
Besides, Wells Fargo Mobile also supports Android Biometric Sign-on (a.k.a. Face Unlock). Only select Android devices are Face Unlock capable, as explained previously.
Face Recognition Online Banking Is an Imperative
Many global and USA national banks have integrated face recognition online banking technologies. As a result, having face recognition is no longer a nice to have; becoming a minimum business requirement.
Moreover:
- All five banks we presented here implemented the technology by relying on big tech APIs, such as Apple Face ID and Android Face Unlock.
- Apple Face ID is widely available on all iOS devices from iPhone X and iPad Pro. However, Android Face Unlock is only available for the Pixel 4 devices manufactured by Google. Still, surely other Android device manufacturers will follow suit and integrate Face Unlocking capabilities.
- When using Face ID or Face Unlock, banking apps rely on the smartphone to validate identity. Banks don’t collect face map information, which is excellent news for those concerned about privacy.
- Banks disclaim that if users configure more than one biometric profile on their smartphones, all will have access to the online banking apps using face login.
Facial Recognition Online Banking Is Here To Stay
This post presented a guide for the adoption of facial recognition online banking technology. We discussed how facial recognition works and where it is relevant to the online banking business processes.
We explained that, as with any authentication technology, hackers could attempt to fool face recognition. Moreover, we showed how anti-spoofing and liveness detection could prevent that from happening.
Also, we examined the decisions that banks must make, including whether to develop their software or rely on third-party products like Face ID, Face Unlock or Windows Hello.
Many of the big global banks already are giving their customers the possibility of face login. Nevertheless, there is still plenty of opportunities to offer services and conduct projects on national and regional banks and specialized lending institutions.
We invite you to take action now. Are you part of a banking institution? Are you a software developer? There is an ocean of opportunity. Start exploring this new technology with our posts about Facial Recognition Search Engines and Face Recognition Ready to Use Online Tools.
Have you opted-in for face recognition online banking? What are the pros and cons? What is your view banks and developers need to do to facilitate its adoption by customers? Leave a comment below.
Subscribe To Our List
Further Reading
NCR. Is Facial Recognition the Future of Online Banking Logins?