Anyone doing business with a bank demands security. But in corporate banking, the stakes are often higher, with multimillion dollar transactions that financial institutions need to keep safe.
At Wells Fargo, corporate users of its Commercial Electronic Office (CEO) platform for mobile have a lot to handle when it comes to authentication: multiple passwords that change every 60 days, hard tokens, pins – and that’s just for one bank.
Secil Watson, who heads Wells Fargo’s Wholesale Internet Solutions, told PYMNTS that this cumbersome process has led the company to explore faster ways to securely give business users of CEO the access they need to conduct business.
Last month, the bank demonstrated a new type of authentication technology it’s developing for corporate mobile banking customers, and it involves sophisticated biometrics technology.
PYMNTS asked Watson about how it works, and whether the market truly is ready for the types of security features once only dreamed up in the movies.
According to Watson, Wells Fargo first took this project up two years ago as a challenge to see how biometric authentication could ease friction for corporate users of the mobile CEO service – people like treasurers, CFOs and accounting professionals.
Since, the company has created two kinds of applications: one takes data from a user’s face as well as from their voice, creates algorithms to detect characteristics of that face and voice combination, and provides a user access based on that data.
The second involves a smartphone taking an image of the whites of the eyeball and identifying the unique pattern of red veins – something Watson said is unique to everyone, even between twins. That identifier is then used to provide access to a user.
Pretty high-tech stuff, especially for corporations, which can sometimes lag behind consumers in adopting innovation. But Watson told PYMNTS that corporate mobile banking customers were exactly the population that needed such a sophisticated solution.
“Business customers have a higher burden because they have a higher dollar amount of transactions,” she explained. “There is more risk – they want more security, and we do, too.”
She added that because corporates have a bigger pain point than the average mobile banking user, it made sense to tackle their needs, first.
As with any innovation, there will be kinks. Watson said that while these solutions were released in pilot phase (with the face-voice solution being offered to 100 corporate customers to test out, and the eye vein solution being trialed within Wells Fargo itself) there have been speed bumps she was prepared for – and some she could have never anticipated.
For example, privacy is a predictable concern for first adopters.
“The first question we get is about whether a user’s eyeball data will get stolen – they don’t want us to take a picture of their face when they’re not looking good, they ask whether we can see what’s behind them,” Watson said, adding that user education is key to adoption.
The biometric tool doesn’t capture and save photos of faces and recordings of voices. Rather, she explained, it turns that information into an algorithm which is then used to identify a face and voice the next time a user tries to log in.
But a few wrenches were thrown in the spokes of initial testing that probably couldn’t have been predicted.
“I didn’t envision that there would be a treasurer who would be riding a ski lift trying to approve a wire,” Watson said. “I also didn’t envision that people would want to use the authentication tool while they were walking – it’s hard to take a video of a moving target.”
[bctt tweet=”‘I didn’t envision a treasurer riding a ski lift trying to approve a wire'”]
But these are exactly the types of situations that need to be identified in pilot testing in order to make a solution functional. Watson added that in one case, a user was running into problems with the face-voice authentication tool because he wanted to use it in a dark room. That case was one of the reasons Wells Fargo decided to explore a different route – eye vein identification – which uses the backlight of a phone and therefore can often work better in a dark space.
“By doing pilots and offering users choice, there’s really no other great way of testing usability,” Watson said. “These are the types of lessons we couldn’t have had if we didn’t do a pilot.”
Pilot testing is done for now, and Watson said that a wide-scale solution will be rolled out early next year, leaving some pilot testers disappointed that they will have to wait to use it once again.
But for the rest of Wells Fargo’s corporate clients, will something so high-tech and novel truly take off? Watson says yes, and soon – in the next few years or so.
Part of that is because passwords simply don’t cut it anymore, she explained.
“Passwords are easily stolen,” she said, adding that they can be forgotten quickly, too. “We’ve had 15 years of passwords, and I think they’ve reached their due date.”
[bctt tweet=”‘We’ve had 15 years of passwords, and I think they’ve reached their due date.'”]
Already, the bank monitors user behavior – like their IP address, browsing behavior and other factors – to spot potential fakers even when a correct password is used. But the industry needs to go further to make corporate banking secure, Watson said.
“Today’s methods in terms of authentication are no longer adequate for the amount of fraud and mischief going on within the Internet,” she said. “Biometric methods are more secure because it’s taking security from something you have to remember and putting it into something of who you are, physical characteristics of a person.”
While she understands that some businesses will be a bit slower to adopt these tools (Wells Fargo will still offer the password-token-pin combination to its customers), she believes that biometrics authentication will not only take off in mobile banking, but within a corporation itself. As the bank prepares to roll out the tools, Watson said it is also exploring how to turn the smartphone into the hard token an individual needs to gain access within their company, as well as how to scale these biometric security measures for users on the desktop computer, where much corporate accounting and financial management occurs.
According to Watson, the efforts are all part of a greater effort at the company.
“Our mission is to make passwords a thing of the past,” she said. “And I think other corporations will follow suit.”