Data about you that tells who you are. As much yours as the image of your face or your fingerprint. Biometrics is about collecting the data that identifies you as a person. It is the information that is used to unlock your phone or to confirm your mobile payments. Biometric technology is part of many of today’s most popular banking applications. In addition to delving into this technology, which brings agility to processes, we also look at how it works, its advantages and some tips for safe use. At Bizum we like to bring you up to date: having useful information is the first step to enjoying full security.
More and more people are relying on the individual physical characteristics provided by facial and fingerprint biometrics to identify them. Before moving on, let’s clarify some terms:
Identification
It is the process of recognizing an individual among a group. This is done by comparing the data of the person to be identified with the aspects of each individual in the group. Your fingerprint or a picture of you identifies you in relation to the rest of the people.
Authentication
This is the set of phases to prove that the identity claimed by a subject is true. This process compares the individual’s data only with the information associated with the claimed identity.
Biometric data
This is the data that makes it possible to identify an individual and can be physiological, physical or behavioral. Biometric data makes you a unique person and reveals more personal information than a password, for example. These include the face, the iris of the eye, the voice or the fingerprint.
It is already clear to us that biometric data identifies us and differentiates us from others. But have you ever wondered where it goes? The first thing you should know is that technology companies can neither use it nor share it.
The storage of this information is local and is not uploaded to the cloud. Most commonly, it is stored in a different memory than the main memory of the device. This security box ensures that these biometric data are kept safe. For this reason, after switching the cell phone off and on, it is necessary to enter the password, before anything else. The chip where the data is stored is accessed first. Depending on the operating system of your phone, this is done in one way or another.
It is a chip isolated from the rest of the device’s hardware. In addition to keeping information about fingerprints or facial features, it also keeps information related to mobile payments. Inside this processor, all information is encrypted.
iOS devices have an additional processor, separate from the main mobile processor, that remains unaffected and cannot be accessed, even if the device is infected by a virus. iOS uses this security system on all your devices, whether they are phones, tablets or smartwatches.
Let’s go back to a concept we saw earlier. By definition, a strong authentication system is one that requires you to provide at least two of the following:
- Something you know
- Something you have
- Something you are
Biometrics would fall under the “something you are” heading. So, although it is a good method, it is not enough. If only biometrics are used, we are dealing with a weak authentication process, whereas using an access card and password is strong. To complete this strength in the authentication of users in banking applications, it is recommended to add to the biometric information, user data and password as something you know, or the digital certificate as something you have.
Another option is the OTP (One Time Password). It is common that this is sent via SMS. But to avoid scams, frauds and security breaches, the trend is to send this code or second authentication factor through a notification in the App installed in the verified device.
However, technological progress in security is so fast that there is already a new standard, called FIDO (Fast Identity Online). This is an online authentication technique that reinforces security on mobile devices and web applications. It aims to replace the exclusive use of passwords with more secure biometric authentication mechanisms protected by encryption systems. Some Spanish banking apps already use it. In this way, online trust is reinforced and access to the app is speeded up without having to include digits or characters. Some banks already use biometric parameters, not only to facilitate access to mobile banking, but also to sign transactions without the need for the SMS one-time password. In this sense, the Spanish Data Protection Agency concludes that entities are within their rights to offer this technology to validate transactions, but only when users give their consent.
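The idea behind FIDO-style authentication, as an added example that is not Bizum's or any bank's code: the fingerprint is checked only on the device, where it unlocks a private key, and the server verifies a signature over a fresh challenge and the transaction using the public key it stored at enrollment. The names `Device`, `Server` and `enroll`, the sample template string and the exact-match comparison are assumptions for illustration; real matchers are fuzzy and run inside the security chip.

```javascript
const nodeCrypto = require('node:crypto');

// Stand-in for the phone's isolated chip: key and template never leave it.
class Device {
  #privateKey;
  #template;
  constructor(privateKey, template) {
    this.#privateKey = privateKey;
    this.#template = template; // constructed sample, compared by exact match
  }
  // Signs challenge + transaction only after a local biometric match.
  sign(sample, challenge, tx) {
    if (sample !== this.#template) return null; // key stays locked
    const message = Buffer.concat([challenge, Buffer.from(tx)]);
    return nodeCrypto.sign('sha256', message, this.#privateKey);
  }
}

// The server holds a public key and its open challenges, no biometric data.
class Server {
  constructor(publicKey) {
    this.publicKey = publicKey;
    this.pending = new Set();
  }
  newChallenge() {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.add(challenge.toString('hex'));
    return challenge;
  }
  // Each challenge is accepted once, so a captured signature cannot be replayed.
  verify(challenge, tx, signature) {
    const fresh = this.pending.delete(challenge.toString('hex'));
    if (!fresh || !signature) return false;
    const message = Buffer.concat([challenge, Buffer.from(tx)]);
    return nodeCrypto.verify('sha256', message, this.publicKey, signature);
  }
}

// Enrollment: the key pair is created for the device (NIST P-256),
// and only the public half is handed to the server.
function enroll(template) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return { device: new Device(privateKey, template), server: new Server(publicKey) };
}
```

Because the signature covers the transaction text as well as the challenge, approving one payment does not authorize a different one.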
The truth is that biometrics is here to stay, bizumer. It streamlines procedures and makes payments faster. Your biometric information cannot be manipulated or modified. However, the AEPD (Spanish Data Protection Agency) gives us more information to avoid confusion and problems and to use it 100% safely.