To date, authentication measures based on the third authentication factor, biometrics, appear to be rare in the fund industry. That said, at least one fund group has begun to use biometrics, specifically voice recognition, for certain retail shareholders who seek to engage in transactions over the telephone. The voice verification system in question is designed to permit shareholders to conduct a range of transactions (including some transactions for which a fund group might otherwise require signature guarantees or notarized signatures) and to conduct these transactions more expeditiously.1 Representatives of the fund group have publicly described the extensive development and testing of the system, and have provided insight into some of the issues faced and addressed by the voice verification system.2
Other fund groups consulted for this study have reported considering the use of biometrics for telephone transactions. Some have suggested that the additional security provided by such measures was outweighed by the significant development and implementation costs.
It does not appear that any fund group has yet adopted biometrics for online transactions. Historically, one potentially significant barrier to biometrics in the online environment is the need for participating shareholders to have access to the requisite computer hardware. In the past, authentication based on fingerprints or on iris or retinal patterns might have required a fund group to provide participating shareholders with a fingerprint or eye scanner. Some observers have predicted that in the future, biometric authentication through the use of smartphones and other mobile devices will become increasingly common.3 Indeed, a number of smartphones made by Apple, Samsung, and other companies offer fingerprint authentication, and one new smartphone even has a built-in iris scanner.4 Some financial institutions have reportedly already begun to permit customers to log into their websites using a smartphone’s fingerprint authentication.5
While measures based on biometrics may provide reliable authentication of shareholders, they are only as good as the initial authentication of shareholders seeking to employ such measures. In other words, a given shareholder’s identity must be reliably confirmed when he or she signs up for biometric authentication in the first instance. Thus, for example, if an impostor were to seek to authorize the use of biometrics for a shareholder account and were to provide his or her own voiceprint or other identifier in this initial authorization process, the impostor would presumably thereafter be able to sign in and effect transactions in the shareholder’s account (and the actual shareholder might be unable to access that account).
Back