Once upon a time, there was a King.
The King had been married to his Queen for three years, when
the Queen gave birth to a Princess.
Sixteen years later, the King was worried about his
daughter.
The Princess was very beautiful, and he did not want her to
meet the wrong sort of suitor.
So he built a tall tower within the Castle Keep, where his
daughter was kept in privacy, away from prying eyes and undesirable peasants.
Even so, the Princess was restless and would often stand at the
window looking out to the town and beyond.
The King was aware of this, and determined that this was not
a good thing either.
So he had his serfs brick the windows closed and opened the
ceiling of the castle keep to give his daughter light.
Even so , the Princess was unhappy, as she could hear the
laughter of the girls in the town as they were chased by the boys, and she
wanted to join them.
Seeing his daughter’s unhappiness, the King realised that
the sound of the town was the issue, so he had music played in the room all day
and all night so that she would not hear the sounds that made her unhappy.
The King was therefore surprised when his daughter disappeared
one day.
There were no unlocked doors, no way out of the Castle Keep
and no entry or exits from her room.
How did she get away?
What happened?
He called his Privy Council to explain.
“Sire”, the Council’s President explained, “apparently your
daughter has run away with the harpist.”
“The HARPIST?” the King exclaimed.
“Yes sire”, replied the Privy Council. “Apparently, they are in love.”
“In love?” the King questioned. “But the Harpist is a woman?”
“Yes sire”, replied the Privy Council.
Hence became the creation of what is now known as the law of
unintended consequence.
We see this Law in action in many quarters of society,
economics and banking, and no bigger is this Law in action today than in the
area of security.
Like the King, banks are trying hard to maintain customer
security sa the march of digital threats increases.
Originally, we began with a 4-digit PIN.
Back then, the inventor was concerned that customers would
not remember such a complex security mechanism.
4-digits?
How difficult is that?
As we all now know, his concerns were unfounded, and the ATM
took off rapidly as the easiest way to access cash without entering a branch.
Now, we have evolved to having the password and PIN.
And, as blogged about frequently,
we now know the Law has left us more insecure as we have far too many layers of
security that are not memorable.
In other words, the thing that was meant to make us more secure
is making us less secure.
As a result, new banks are experimenting with other ways of
accessing accounts using social sign-in, for example Facebook Connect is used
as a secure sign-on to Fidor Bank and Moven.
This is because some recognise that Facebook is more like a
browser today than a website.
It is the access point for many onto digital services, not
the endpoint.
Gradually, a few other banks get this idea. For example, ICICI Bank India became a
trailblazer when they launched full bank servicing in Facebook ...
… followed closely by other innovator banks, such as
Commonwealth Bank of Australia .
But even this is not ideal.
After all, some people may not want to use social to do
things they feel should be secure.
So what is the ideal mechanism for secure bank access today,
that avoids the law of unintended consequence?
For me, the natural evolution will be towards voice
recognition.
After all, we all believe mobile is the revolution and what
is a mobile?
It’s a TELEPHONE.
A Voice System.
A method of communicating using one’s mouth (and finger as
it turns out).
But the fact that we are most likely to have mobile with us,
and that a mobile telephone can be used as a dynamic authentication mechanism –
check the customer has their mobile with them at the ATM - and allows further checks, makes this
a natural media for authentication.
This is why I was intrigued to see the announcement from
Barclays
Say goodbye to the
pin: voice recognition takes over at Barclays Wealth
Advanced voice
recognition will detect whether a customer is who they say they are after just
30 seconds of normal conversation, the bank claims.
The system, which is
powered by the voice specialists Nuance, who are also widely known to be behind
Apple’s Siri technology, could end the frustration of customers who struggle to
remember passwords.
In fact, having seen Nick Ogden’s big bet on voice
biometrics some years ago when he founded Voice Commerce,
I fully expect voice recognition to be the biometric authentication of the
future, combined with geolocation and chip authentication to be a natural,
intuitive and non-invasive way of keeping our accounts secure.
Meanwhile, for the King, I would recommend letting his
daughter find her own way in the world … oh, and choose her Harpist more
carefully next time.
Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News. To learn more click here...