No company or consumer is safe from cyber-attacks, and financial services firms represent a huge opportunity for hackers. Protecting clients’ information and accounts is as much about developing technology that’s difficult for a hacker to overcome as it is about educating consumers about their behavior. Simple passwords aren’t secure, but considering the amount of business consumers conduct online, remembering long strings of numbers and letters that are distinct for each website is unrealistic.
Technology providers are combating that in different ways. Companies like LastPass save and autofill passwords so users can easily create the kind of difficult passwords recommended by security experts. Others offer USB tokens that are used in addition to passwords; hackers must have both the token and the password to break into an account.
Hoyos Labs, a New York-based digital infrastructure security company, has created software that uses biometrics to authenticate a user. The firm’s HoyosID identity assertion platform can be used to access websites, doors and now ATMs, according to the company.
Biometrics are “the way of the future,” Hector Hoyos, CEO of Hoyos Labs, told Investment Advisor in February. “The password is dead.”
Banks can use Hoyos Labs’ software to modify their existing customer app and their back-end server software, which will produce a QR code for the customer on the ATM screen, Hoyos said. The bank customer will open the app on her phone and scan the QR code that appears on the ATM.
“That sends a message to the back-end system of the bank that returns an authentication request to your phone. You look at your phone and of course your biometrics matches you and sends a message to the bank saying, ‘Yes, this is Hector,’ and out comes your cash,” Hoyos said.
The QR code is generated using biometric open protocol standard (BOPS), a standard patented by Hoyos Labs and certified by the Institute of Electrical and Electronics Engineers. “BOPS is the framework that establishes all the rules for the way in which biometrics need to be implemented in end-to-end identity assertion platforms,” Hoyos said.
Liveness is another level of biometric protection. If a hacker uses a video or photograph of a potential victim to try to get past iris or facial recognition technology, liveness can identify those images as false and deny access, Hoyos said.