At some stores like Whole Foods or Amazon Fresh, customers can make a purchase simply by placing their hand on a sensor. No cash, no credit card, not even the flash of a banking app on their phone.

“You basically link your palm print to your credit card, and so then at the point of sale, you don’t have to present any credit card—you just show your palm,” explains Anil Jain, professor of computer science and engineering at Michigan State University.

Jain notes that contactless palm readers boost reliability by using two forms of biometrics: the pattern of lines on a palm, as well as the arrangement of the underlying veins.

For community bankers, biometric measurements like palm prints—and the far more common fingerprint or face scans—are an intriguing way to fight fraud.

Alongside improvements to the technology come increasingly positive attitudes toward biometric authentication. As recent data shows, arguments about Big Brother and inconvenience are dying down.

For instance, when 2,200 consumers based in the U.S., the U.K. and Singapore were asked about their preferences for self-authentication, the traditional username and password method was seen as poor from a security perspective, according to David Mattei, strategic advisor for Aite-Novarica Group.

While usernames and passwords still predominate in authentication, they have a problem: They’re notoriously easy to hack, says Mattei. Until quite recently, though, their popularity made them difficult to dethrone.

That’s changing. Mattei notes that nearly three-quarters of consumers surveyed in late 2022 expressed a willingness to switch from password protection to another authentication method.

“If that many people are willing to ditch the username/password in favor of something else,” says Mattei, “that’s an encouraging sign for banks.”

Which type of biometrics is right for your bank?

When it comes to common biometrics, the big three are fingerprints, face and iris, followed by speaker or voice identification, palm prints and signatures, says Nalini Ratha, empire innovation professor at University at Buffalo–SUNY’s school of engineering and applied science.

Each form has strengths and weaknesses. Voice recognition, for instance, is increasingly important for banks hoping to verify a customer’s identity when they contact a call center, but it’s imperfect. “Speech can be corrupted by ambient noises,” Ratha says. “If I’m at an airport and loud announcements keep coming, it’s challenging.”

It’s a similar situation for facial recognition. According to Jain, biometric readers are “very sensitive to [background] illumination” and to the way that a user presents their face. “If a person is wearing a cap or sunglasses—or in the wintertime has a hood or mask covering part of the face—then face recognition could become problematic,” he explains.

Even with built-in limitations, biometric technologies have improved dramatically. In the past, for example, the appearance of facial hair or eyeglasses could throw off face recognition technology. Today, says Mattei, scanners digitize various aspects of the face that do not change, such as the distance between an individual’s pupils or between the tip of the nose and the upper lip. In other words, he says, machines are “looking at key points of the face itself and drawing information out of that.”

Of all biometric authentication methods examined within an Aite-Novarica survey, fingerprints scored highest in terms of customer preferences, with 80% of consumers viewing them as “effective or very effective,” says Mattei. One-time passcodes took second at 76%, followed by facial recognition with 70%. Eye biometrics and two-way text message, both at 68%, tied for fourth.

Bank biometrics in practice

Just as with passwords, biometric authentication should be “combined with other things to make it secure,” says Joel Williquette, senior vice president, operation risk policy, at ICBA.

In this regard, cell phones have been an enormous boon for biometrics, because they automatically serve as a form of multifactor authentication. A user must access a specific mobile device, which is one form of authentication, and then identity is proven with a face or fingerprint scan, which is the second form.

Another way to increase the reliability of biometrics is the burgeoning field of “behavioral biometrics,” says Mattei.

If one form of authentication lets you in the metaphorical front door, then, he says, “you still want to be monitoring the behavior of that person inside the house because, unfortunately, there are ways to circumvent any form of authentication out there.”

With behavioral biometrics, a system might, for instance, monitor how fast a user types their last name or Social Security number. “I know my Social Security number off the top of my head, so I type it in pretty fast,” says Mattei. “A fraudster has to check an Excel database.”

Whether it’s traditional or behavioral biometrics or a combination of both, one sticking point for community bankers has been that these technologies are so new and seemingly futuristic that even formulating the right questions to ask vendors can be challenging.

“There are so many questions you should ask,” says Williquette, “but it is difficult to think of all the right questions until [the technology is] running in your environment.”

His advice to community bankers? Start with a small biometric banking implementation before going live in a big way. Better yet, ask vendors to let you log into their test environments so employees can try out biometrics over days or weeks.

“If vendors believe they have a good product,” concludes Williquette, “you should be able to try it before you buy it.”