The growth of identity theft related crime has made it vital to introduce reliable authentication systems to the mass market. Biometric methods (voice and face recognition, fingerprints etc.) are particularly appropriate since they are easily understood and require no additional or unfamiliar technology.
Obviously, biometrics are not secrets, anyone can hear your voice, see your face or get a sample of your fingerprints and they can only used to confirm identity in a statistical sense (the response is not "black or white" like matching a password). In addition, organisations like banks will normally "tune" the biometric response to give them an appropriate trade-off between the the risk of missing an attempted impersonation and the potential for rejecting and upsetting genuine customers. For these reasons, it is important not to rely on biometrics alone but use them in combination with other methods: for example voice recognition to perform an initial "log on" and perhaps to see a bank balance but require an additional password if the customer wants to make a new payment or any similar "high value" transaction.
Biometrics have long been an active area of research in UK institutions. Speaker identification over the telephone, for example, was being developed at Edinburgh University in the 1980s as part of the work on voice and word recognition ("speech to text"). Warwick has also been a leading participant in the biometric field with work on advanced pattern matching to make fingerprints more reliable in situations where the images are of poor quality; for example amongst workers whose jobs in the building trade (link). The University has founded a successful spin-out company, Warwick Warp Ltd. to undertake further development and commercialization in this field. Meanwhile, fundamental research on pattern matching and forensic biometrics continues in the Department of Computer Science (link) led by Prof. Chang-Tsun Li.
A word of caution, while biometrics may improve the way in which we identify ourselves to banks, the benefits are not always mutual. Increasingly we see banks introducing terms and conditions that limit their liability unless their customers agree to severe restrictions such as never using a "banking password" for any other purpose and never keeping a written copy. As biometrics are introduced it will be increasingly difficult for customers to prove that they did not authorise any transaction and therefore to recover their money. Finally, when are banks going to provide their customers with an equivalent level of confidence in the opposite direction - how can we reliably identify the bank itself on the 'phone?
Melissa Holloway, Assistant Press Officer, (024) 76 575 601