Financial institution HSBC is now allowing account holders to use a selfie as a form of authentication when accessing an account. This method is part of a wave of new two-factor authentication strategies designed to prohibit fraudulent access.
At present, the feature is only available to new account holders and is seen as a way to attract younger demographics. Upon opening an account the user is required to upload a photo from an ID document like a driver’s license or passport. When the user attempts to access the account they are then promoted to submit a selfie through a mobile app that is compared to the official photo through an automated process. The app is available for both Android and iOS users.
Richard Davies, HSBC’s Head of Global Propositions for Commercial Banking, commented that “Through simplifying the ID verification process, we’ll be able to save our business customers time and open accounts quicker. We also expect the convenience and speed of a ‘selfie’ to become the verification method of choice for our customers, who no longer need to visit a branch to complete the process.”
Other forms of two-factor authentication are currently in use including voice recognition at Barkleys and fingerprint recognition at Bank of Montreal. Selfies are already being used by Mastercard and some smaller institutions.
A four-digit pin sent through SMS is the most widely used method, however. The advantage of this form of two-factor authentication is that it’s available to users who have not yet adopted a smartphone. The drawback is that it only verifies the device and is vulnerable to malware. Users also prefer methods that require as little additional effort as possible.
Biometric authentication like the kind being used at HSBC is seen as the natural solution. It is easy to use and is able to verify the user rather than simply the person possessing the phone. Selfies and other forms of biometric two-factor authentication are expected to become the norm in coming years. Previous attempts to improve cyber security by encouraging users to pick longer and more complex passwords have been met with a backlash done little to improve password strength. Biometric authentication mitigates this problem for both the person using the password and the organization issuing it.
Critics point out that facial recognition is still an imperfect technology that has the potential to lock out authentic users or grant fraudulent access. HSBC contends that extensive testing has revealed that instances of false positives/negatives fall within acceptable limits.