AI and biometrics will provide a new level of multi-dimension digital security for online and mobile banking which was elusive and unattainable in the past. The privacy and confidentiality of PII and personal biometric data (original raw data should be discarded after enrolment) is not undermined nor compromised by a robust biometric system. The biometric template, a mathematical code of a few thousand bytes or more, is equivalent to a password ciphertext or hash value, but vastly more secure as it has no decryption key, and which is immune to reverse engineering or brute force attack, is used for authenticating the customer based on his/her claimed identity. A biometric template of say 2,400 bits will have a permutation variable size greater than the key space of a 256 bit AES cryptographic system. It is not physically or functionally feasible to brute force attack a 256 AES bit key size encryption system. The universe space of a 2,400 bit biometric template system is much bigger than AES 256 bit key space. So, hacking or breaking a biometric template is infeasible. Biometric systems are not interoperable and should not be "shared" or multi-tenanted in any cloud. Your identity is better protected by a strong biometric system than any password or knowledge-based challenge response system. As always, 2FA (Two Factor Authentication) is the foundation on which a biometric system should operate.

1. B I O M E T R I C S
THE FUTURE OF AUTHENTICATION
Tony Chew
Industry Consultant
tonychew8@me.com
6 MAY 2018

2. 2
https://www.anz.com.au/promo
/personal/ways-bank/Voice-ID/
https://www.permata
bank.com/
FACE AND VOICE BIOMETRICS
IMPLEMENTED BY BANKS AROUND THE WORLD

3. 3
I D E N T I T Y V E R I F I C A T I O N
PATTERN / VEIN /
3

4. 4
Eye
Deployment of Biometrics in Banking

5. Simpler, faster and stronger authentication
WHY WE NEED BIOMETRICS
5

6. 6

8. 19 February 2016
8
UK, France, Mexico, Canada and USA.

9. AT OCBC, MY VOICE IS MY PASSWORD
9

10. 5 October 2015
10

11. 11

12. AUTHENTICATED
12

13. BIOMETRIC TEMPLATE IS IRREVERSIBLE
WHY ENCRYPT?
13

14. ANDROID
14
APPLEWINDOWS
FACE BIOMETRICS
FRR 5% @ FAR 0.001%

15. FaceID accuracy 1 : 1,000,000
2D vs 3D15

16. 16

18. Mobile App Security
18
Device Binding
Jailbreak and Root
Detection
Device encryption
Push Notification
Secure Storage
Geolocation Fencing
Face Authentication
Voice Authentication
Dynamic One-Time-Password
Challenge Response OTP
Transaction Signing
Eye Authentication
Fingerprint Authentication

19. ROC CURVE TEST SCENARIO
1,000 enrolments
1,000 live samples
Cross matching to plot FAR vs FRR results
Expected outcomes:
1,000 genuine scores
999,000 impostor scores
19
Measuring biometric accuracy

20. Matching score
FAR vs FRR
20

21. REGULATIONS FOR PROTECTING BIOMETRIC DATA
Definition of personal / biometric data
Consent of data subject Revocability of consent
General principles of protection
Roles of controllers / processors Security and compliance21

22. 22

23. Any questions?