Exclusive: ‘You ARE the key’ – David Crawford, NatWest in “The Fintech Magazine”
Biometrics are playing a key role in NatWest Bank’s retail payments strategy. And, according to David Crawford, Head of Effortless Payments, they will, eventually, be people’s technology of choice for identification and access control
Bank executives often need business cards the size of a building to explain their purpose in life – and then it’s not always clear from the job title. So, David Crawford’s has a refreshing simplicity.
Head of Effortless Payments at NatWest Bank precisely explains his mission: to take the hard work out of making transactions for retail customers – and much of that is being achieved with the bank’s pioneering use of biometrics.
Making payments quick, easy but secure enough to satisfy tougher Secure Customer Authentication (SCA) requirements being introduced under the revised Payment Services Directive (PSD2), is the juggling act that all banks are going through as the legislation makes them responsible and liable for ecommerce payment fraud.
SCA, which must be implemented by the end of 2020 for payment institutions in EU member states and in September 2021 for the UK, is also occurring at a time when contactless payment use has rocketed during the COVID-19 pandemic. Crawford and NatWest believe the answer to better security lies in using customers’ biometrics rather than relying on traditional security measures like PINs, passwords, or even signatures.
Back in 2018, the bank teamed up with Visa and card manufacturer Gemalto to be the first in the UK to successfully pilot a fingerprint-activated debit card, which allows spending up to £100 per transaction. A year later, and in association with Mastercard, it successfully trialled a fingerprint-activated credit card and, moving away from cards altogether, it has also developed a prototype fingerprint-activated payment fob.
In August 2019, it started a three-month trial into voice-activated banking with 500 of its customers using Google smart speakers. The results revealed that customers were happy to use voice banking for everyday tasks, like checking balances or switching funds between accounts, but were less comfortable using it for more complicated purposes, such as setting up mortgages or pensions. Underscoring its potential benefits were a cohort among the trial group of visually impaired or physically disabled people, who were the most enthusiastic about embracing the technology for all their banking needs.
Crawford admits that the general public’s continuing unease about allowing their biometric data to be stored remains the single biggest challenge to overcome. And he’s probably close to putting his finger on it when he says: “The more we talk about biometrics to customers, the more we’ll potentially alienate them.” Because evidence suggests that when the power of biometrics is, literally, put into a customer’s hands, any reservations they had dissipate.
“Customers have loved the experience of being able to do things through biometrics and, largely, that’s because they don’t really think of it overly as being biometrics,” Crawford explains.“What customers actually see is the extension of contactless. Customers already really like contactless – we know that – and, particularly in the current COVID situation, contactless is being used more and more. But during the trial, customers really valued the ability to pay for things over the now £45 contactless limit with their card because it was biometrically authenticated.
So, the biometric element was almost a secondary factor to the convenience for them in some respects. In fact, they liked it so much that, in many cases, customers were saying it would be quite good if they could biometrically authenticate transactions under £45. It gives that sense of security, that if someone were to take your card, they can’t even pay for a Mars bar with it,” says Crawford.
“Some of the other things that customers loved about it are not the things you might’ve thought. A good example of that was an LED light on the card that confirmed whether the authentication had been successful or not: it flashed up green for yes and red for no. There was a real wow factor in having an LED on your bank card, telling you if the payment had gone through.“
Questions were raised during the trial over security: what would happen if criminals resorted to copying someone’s fingerprint using sticky tape – Mission Impossible-style – or even (more sinister) by acquiring fingers.
“There two things I would say to that,” says Crawford. “One, there are easier ways of a fraudster making £100 than having to go to the trouble of chopping off your finger. And the second is that the biometric sensors are a lot more sensitive than that – they actually are able to read subdermally, not just your fingerprint, for example, but the blood vein patterns underneath your fingerprint. So they can be incredibly sensitive, in terms of what they pick up.”
Other European banks have also carried out trials with biometric credit and debit cards, notably French bank BNP Paribas, which is now in the process of rolling out biometric cards to up to 15,000 of its customers in a partnership with Mastercard and Gemalto. So will NatWest follow suit?
Crawford says that decision has still to be made due to the production costs of the cards in their existing form and the current low level of merchant acceptance in the UK.
Work is also continuing on the payment fobs and he signals that a third form of biometric wearable will soon be revealed.
“In some respects, it was strange that we started off with the card because it was probably the more difficult to do. But it was very popular,” he says. It was also very expensive for the bank.
“What we have to consider is, firstly, if we did it for every card, can we make it cost-effective? And, secondly, if that is the customer’s main card, their main payment device, we need to see better merchant acceptance than we are seeing today. Those are the two factors when weighing up whether it’s the right thing to do, going forward. But it was a really good test and we learned a lot from it.”
The bank also conducted trials of a biometrically enabled key fob that could make payments.
“It was just a way of testing something away from the card format – the kind of thing that you might use when you’re out running, for instance, and just want to leave your card, possibly even leave your phone, behind. Does that work?
“Now we’re in the third phase of looking at other forms of wearable. Hopefully, by the end of this year, we’ll be able to talk about our next steps in the world of biometric wearables, and we’re very excited about that. The whole area around digital ID, various other biometric ways of authenticating someone, and using anti-impersonation methods when opening an account, are all things we’re looking at.”
Crosshead to break copy
There is another, important and growing area in which biometrics are deployed, and it has to do with behaviour.
Behavioural biometrics use machine learning to build up profiles of ‘normal’ patterns of doing things, which are, tailored to an individual – it could be the way they hit their keypad for instance, which device they choose to make a transaction from, or the sequence in which they do it. Crawford believes that these background programmes could play an increasingly significant role in protecting customers’ accounts from unauthorised use.
Since early 2020, the bank has used ARIC Risk Hub platform from behavioural biometrics provider Featurespace for transaction monitoring, which reported NatWest saw an immediate increase in the value of stopped fraud and scams. It also had a significant impact on false positives. The number of legitimate transactions being declined is an increasing issue as regulation and banks’ sensitivity to fraud increases the level of monitoring.
As with the Featurespace partnership, NatWest is reaching beyond its in-house teams to come up with solutions.
“We have a really good understanding of payments, and the way that customers want to make them; what gives them value, what they like to see, in terms of security,” says Crawford. “But then translating that into the engineering, and coming up with products that meet those needs, is really something that we need a wider ecosystem to help us with.”
Looking to the future, Crawford forecasts that technologies such as 5G, the Internet of Things, AI and quantum computing will render keyboards, and therefore PINs and passwords, obsolete – making biometrics the only viable alternative.
“It seem to me that biometrics will be the only answer in five to 10 years,” he says.
Payments by then, as his title suggests, will be entirely effortless.