Biometric Tokenization Delivers Financial Services the Best in Security, UX

HYPR_home_sdk_2

A question that providers are prodded to answer is how to safeguard identity while not burdening the end user too heavily with new tasks when they access their accounts online, whether on desktop and mobile. This question, however, is a flawed one since within our reach is a solution that markedly enhances user experience (UX) while providing the best security available.

The marriage of biometrics and cryptography along with advances in mobile has made biometrics a viable, immediately-deployable, and scalable replacement for yesterday’s flawed username and password authentication scheme. The solution is called  tokenization, and our partners are already implementing it to eliminate passwords, lower enterprise risk, introduce IT efficiencies, and preserve user privacy.

What remains when passwords are left behind is a new UX where the user registers his or her biometric signature on-device, and when their banking app prompts them to log in, transact, or otherwise assert their identity he or she simply authenticates using the device’s embedded fingerprint sensors, camera, microphone, or combination thereof. When accessed, a cryptographic challenge-response validates the identity, login, transaction, or communication in under a second.

The biometric data is decentralized across millions of user devices, meaning the financial services institution no longer holds customer data as it currently does with passwords and PIN codes. It also means that the user is in possession of his or her biometrics, and that these encrypted templates are stored offline in trusted zones found on the devices.

Biometric tokenization such as the FIDO UAF standard HYPR supports is integrable with existing security architectures, requiring no overhaul, and HYPR is interoperable with the diverse biometric sensing modalities, biometric sensing vendors, operating systems, devices, and enterprise applications in use and in place. Bank employees using internal applications on desktop are treated to the same UX that their customers using a consumer-facing mobile app are, and a user’s mobile device can communicate over Bluetooth low-energy (BLE) to navigate desktop applications.

The underlying security that decentralizes and encrypts biometrics also delivers the best UX Internet users have ever known. Biometric tokenization eliminates passwords—it doesn’t corral passwords into a single sign-on, and it doesn’t cause the actioning of an on-device biometric to unlock the phone or paste in passwords. This is true password elimination for the best UX plus top security—no workarounds or corner-cutting.

Enterprises like and their customers can finally “forget about forgetting” when it comes to the credentials they once used to access accounts, and when a device is lost the biometric template, lacking its owner, is rendered useless. Public keys on the enterprise side are also revocable, adding another layer of confidence to the enterprise and user.

Biometrics has brought us such a long way in security innovation because of the security in its own right. What’s not widely known is that there is a usability revolution in the making as a byproduct of the hard work companies like HYPR are doing to finally make online banking safe.


is CEO is Co-Founder & CEO at HYPR

is Partner at HYPR Asia Pacific.