Mobile Commerce Daily is now Retail Dive: Mobile Commerce! Click here to learn more!

Mountain America banks on eye-scanning for mobile security

Mountain America Credit Union is taking steps to safeguard data on smartphones by letting users of its mobile application log in by swiping a finger or use a phone’s camera to image unique eye patterns.

In one technology, an image sensor scans a fingerprint, while in the other an analysis is made of the map of blood vessels in the whites of the eyes. The features point to how banks are stepping up efforts to make the mobile experience secure as research shows security remains one of the biggest hurdles to driving mobile payments adoption.

“In a mobile banking app, users voice security as a top concern,” said Rob Cummings, senior vice president for online and mobile banking with Mountain America, West Jordan, UT.

“Biometrics is a more secure method of authentication than the standard password or PIN, thus we expect it to significantly allay security concerns.

“It provides an extra layer of identification for a user, especially if the user selects the option to utilize both the fingerprint and eyeprint together for authentication,” she said. “This specific feature allows the user to log in securely in under 10 seconds.”

Reading eyeprints
Mountain America, with more than $4.5 billion in assets and serving more than 525,000 members through online and mobile banking, developed the technology with Access Softek for the mobile banking platform side, and EyeVerify for the Eyeprint ID technology.

MasterCard is exploring ways to make payments safer and simpler.

For fingerprint authentication, the image sensor on the device scans the fingerprint, analyzes ridges and converts it into mathematical code. The code is stored in the mobile device and used to compare against future scans.

Users can add up to five fingers, and the device can read fingerprints from any angle.

EyeVerify works by using an individual’s unique eyeprint. The eyeprint is the map of blood vessels in the whites of the eyes, which is unique to each person. Each person has two eyeprints in each eye.

The enrollment process involves following a dot around the screen with one’s eyes to capture the eyeprint. Once enrolled, authentication is simple. To launch the app, one holds the device to eye-level and it will quickly scan the eyes.

In less than three seconds the user is authenticated and in the app.  

Biometric login is available to Mountain America members on Apple devices and newer Android devices. The system currently is in beta release, which allows for product refinement.

Biometrics is gaining attention as Visa and MasterCard turn to the technology or another innovative system, tokenization, to safeguard customer data on smartphones.

Visa recently said it would expand a program that replaced 16-digit account numbers with a unique series of numbers called a token in online and mobile payments.

MasterCard also announced a pilot program with First Tech Federal Credit Union to use biometrics such as facial and voice recognition as well as fingerprint matching to authenticate transactions.

Biometrics also received attention following the introduction of Touch ID by Apple last year. The finger recognition technology enabled users of newer iPhone models to unlock their device and complete purchases using Apple Pay, with the fingerprint information stored locally.

While financial services organizations and technology companies have high hopes for mobile payments, consumer adoption has been slow, in part because of perceived issues around security. Many consumers are concerned that their personal data stored on a phone could be accessed if the device were stolen. At the same time, a series of high-profile data breaches also has consumers about data being stored remotely.

Preserving security
“In the mobile world, having to enter a complex password is a deterrent to frequent use of an application,” Mr. Cummings said. “Biometrics allows the user a simple and easy way to authenticate without losing the security required for a financial application.

Boosting security on mobile.

“It enables a user to enter in the password one time and tie that complex password to their individual, device specific biometric, which boosts the security,” he said.

Final Take
Michael Barris is staff reporter on Mobile Commerce Daily, New York