Few would bet against biometric authentication going mainstream in the banking and finance sectors in South Korea this year as customers increasingly find it convenient to use the services simply with their fingerprint, iris or face.
However, concerns also remain over security as serious risks arise if users’ biometric and financial information is hacked.
Biometric verification allows users to log into banking apps and make transactions without typing in their ID or password. Its use has been on the rise among younger consumers familiar with smart devices.
In Korea, handset makers Samsung, LG and Apple offer smartphones that let users access banking and financial services through fingerprint, iris and facial recognition, in partnership with local banks and card firms.
Some financial organizations go further, allowing their customers to verify their identities with palm recognition at automated teller machines or in stores.
Banks and financial firms are willing to expand the biometric verification technologies in their services to provide more convenience for users “only if security is further guaranteed,” according to a Woori Bank official.
Security should be guaranteed both on smartphones and at financial organizations, he said, although concerns over the risk still remain on both sides.
As far as smart devices go, reports of a biometric system being hacked follow every time a new smartphone biometric system is unveiled.
In May, reports said that Samsung Galaxy S8’s iris scanner was fooled by German hackers with dummy eyes, although Samsung said that the hack was unrealistic and impossible in ordinary settings. In October, a researcher in Vietnam demonstrated how he fooled Apple’s face recognition ID software on its new iPhone X using a mask made with a 3-D printer.
The bigger security risk, however, lies with financial organizations, experts say.
“If financial organizations are hacked in the process of using users’ biometric information, it will pose a serious problem as both biometric and financial information can be stolen,” said Oh Jung-gun, professor of IT and Finance at Konkuk University.
“So the financial organizations should be fully equipped with hacking prevention systems,” he added.
Banks claim they are pouring money into developing hacking prevention systems as information technology is becoming crucial to their business.
However, 15 local banks were found to have spent only around 10 percent of their combined IT budgets on security last year. They are also reported to have only 800 IT security personnel combined, or 0.3 percent of their 230,000 total employees.
The Financial Supervisory Service has not intervened deeply to regulate biometric security issues because the market is still nascent, taking the view that strong regulation would create obstacles for fintech startups.
It instead orders the financial firms to develop information protection systems, install firewalls and separate networks.
“Instead of imposing strong regulations in advance, the government should make the firms strongly accountable when hacking accidents take place. This can be a warning to make the firms work harder to prevent such accidents,” said Lim Jong-in, a cyber-security professor at Korea University in Seoul.