Financial institutions are implementing biometric solutions that can add layers of security, reduce fraud and provide a better understanding of client experience, however banks must integrate these solutions carefully, keeping compliance front and center and staying aware of fraud since the technology isn’t foolproof — not yet at least.

In fact, alongside the surge in implementation, privacy lawsuit claims related to biometric information and cyber-physical systems are rising, and could exceed $8 billion by 2025, Gartner analysts predicted earlier this year.
“The collection and storage of biometric information is gaining, whether in the form of fingerprints, iris scans, remote recognition of face, gait, voice or even DNA samples,” Bart Willemsen, vice president and analyst at Gartner, said in a release. “But this information has huge potential to be misused or abused.”
Banks store biometric data, which is the collection of unique physical characteristics of a person including voice, thumbprint or facial recognition, to verify client identity. WaFd Bank, for one, collects and stores voice biometrics to authenticate clients in its call center.
Banks can’t be certain that clients don’t have multiple biometrics stored on their phones to allow family members access to their devices, Ant Allan, vice president analyst at Gartner, told Bank Automation News as an example of potential misuse.
“Typically, we just ask the users to affirm when they set up mobile banking that they are the only person, and if anything goes wrong because another family member had their fingerprint on the phone, then that’s the liability.”
On the bank side, data management, too, must be considered, Allan said.
“You have to manage how you store and process that data, which gives you at least a big security issue that leads you into compliance with privacy, regulations and legislation,” Allan said.
While there is risk related to collecting and storing biometric data, banks continue to launch biometric solutions for authentication in login processes, call centers, wire transfers and even in the back end for user experience purposes.
Three areas of biometric authentication
There are three different types of biometrics banks can leverage on their platforms, Allan told BAN:
1. Device-native active biometrics: Banks leveraging solutions like TouchID or FaceID on Apple devices and the equivalents on Android phones are using device native biometrics, Allan said. The technology is already available on client phones and a specific action — such as a fingerprint or face scan — is required by the client to authenticate and grant access to a bank’s platform.
“We’ve seen significant adoption in banks for mobile applications using device-native methods,” Allan said. Banks use providers’ APIs as part of the banking application login process.
2. Third-party active biometrics: Banks that use third-party vendors for biometric solutions are looking at additional expenses, Allan said. Although costly, this approach can offer more control than device-native biometrics. Third-party organizations build the authentication into a bank’s application and offer more oversight from bank itself, rather than relying on technology from a client’s own phone.
3. Passive behavioral biometric method: This solution does not require client action but instead works in the background of a bank’s platform to monitor how clients are maneuvering through a website or mobile app by tracking characteristic movements, Allan said. Passive behavioral biometrics collects data for banks to better understand how clients are navigating their sites. This technology is typically always managed by a third party, Allan added.
Bank of America
Bank of America, for one, is leveraging device-native biometric solutions to sign into its CashPro app. Specifically, the bank is using a QR code tied to the app that is uniquely generated at every login, Jennifer Sanctis, director and head of CashPro Mobile at Bank of America, told BAN. Clients scan the code and use their phone’s face ID to access their accounts.
“The drivers behind a lot of our investments within CashPro are delivering seamless experiences with exceptional service to our clients.” Sanctis said.
The solution, which launched in September, was designed to enhance the identification and authentication process for its users, including the ability to move away from the need to remember a password.
“This is the first step focused on sign-ins, it simplifies the process of remembering credentials,” Sanctis added.
Truist
Similarly, Truist views smartphones as “an extension” of their branches, Ken Meyer, chief information officer of digital channels and innovation at Truist, previously said during a panel discussion at Bank Automation Summit Fall 2022 in Seattle.
Truist clients can use biometrics on the bank’s mobile app to replace a physical card at an ATM or for voice authentication in the contact center.
WaFd Bank
Also leveraging voice authentication is WaFd Bank, Dustin Hubbard, chief technology officer at Seattle-based WaFd and its wholly owned subsidiary Pike Street Labs, told BAN. In August, the bank rolled out an automated voice authentication feature in collaboration with Amazon Web Services’ Lex and cloud contact center Talkdesk.
Voice biometrics allows call centers to verify client identity without asking multiple questions that cause client frustration, Hubbard said. The technology uses “machine learnings comparison on the biometric footprint of your voice and the articulation of it to see whether it matches.”
No matter which biometric solution a bank is using, all can “be applied to provide a better sense of security but also less friction for people trying to prove their identity to whatever system they’re trying to interact with,” Hubbard added.

Streamlining processes, reducing friction
In addition to streamlining login processes and reducing friction in call centers, banks are also using biometric solutions to authenticate documents through a process called “document-centric identity proofing,” Gartner’s Allan told BAN.
For this process, banks use biometric technology to compare the face on an application against the photo on an identity document, such as a driver’s license or passport, he said.
One vendor offering this solution is Onfido, which provides an identity verification tool, Allan said. “Some of these firms still use humans to do the comparison, but most of them process the majority of these transactions using automated biometric comparison.”
The reality of biometrics
As banks increasingly add biometric capabilities throughout their platforms, FIs like Bank of America and WaFd Bank continue to innovate and launch new products.
But for now, banks are steadfast about finding a middle ground between offering biometric capabilities while still catering to clients who are intimidated by biometrics or don’t have the technology on their devices to leverage the solution, Gartner’s Allan said, adding that the industry recognizes it’s not at a place yet where banks can go all-in on biometric solutions.
“Once every customer has refreshed their hardware so they’ve got biometric authentication built into every device they use to access their bank, that would be the norm … but that’s going to take several years.”
For now, “[Banks] have to offer the best available solutions for customers that can use [biometrics] and are willing to use them and try to move as many customers as they can to more robust solutions, so they are minimizing their overall risk,” he added.






