During the summer, the CNIL has agreed to launch nra an original experiment by La Banque Postale, involving a voice authentication system. Unlike most of the initiatives approved nra to date (such as Natural Security), it has an important feature: the biometric data will be centralized. The test in question target online payments, for which the imagined solution, called "Talk nra to Pay", intended to completely replace eventually entering the validation code (CVV) and the authentication system 2 3D factors -Secure. To facilitate its adoption, it has been designed to require no change on the websites of e-commerce: the latter treat the corresponding regulations as mundane card transactions. How it works there? In a first time, the volunteers, who will be selected from the employees of the Banque Postale and customers participating in the "BanqueLab" (open innovation structure of the institution?) nra Will make their enrollment. To do this, after registration, they will receive a specific payment card transaction and will register on the dedicated website. At this stage they are called on their phone (they provided the number) to record their "voiceprint" through nra a series of guided exercises.
Then, when making a purchase, the payment procedure is relatively classic: the customer enters their card number and expiry date, only the ciphertext security undergoing some special nra treatment. It serves here as secret disposable and must be generated for each operation. This step can be performed via a plug-in nra installed in the web browser or connection to the site "Talk to Pay." In both cases, a phone call, during which the user authenticates by repeating the sentence before it triggers the transmission of the necessary code. It is also about an application for PC and mobile, but it is impossible for me to understand how it fits into the device. Should also be noted that the experiment will involve nra 500 to 1000 people and it should not exceed 13 months. After this period, nra the CNIL request that a review be communicated to it, including in particular the conditions nra of implementation (including usage statistics, satisfaction and dysfunction) and elements on the user perception. Hopefully these results nra will be made public! The strict point of view of safety, the system "Talk nra to Pay" is an interesting development because it combines three authentication factors: what the user knows (information card), it has ( the phone which he recorded the number) and it is (for his voice). nra And its application in online trading is logical and relevant in the context of a resurgence (recent) fraud. However, its implementation still leaves much to be desired ... The user experience seems to have been totally forgotten. The installation nra of an additional module will be beyond nra the reach of many users (even if that tablet users) and the alternative, requiring identification on his personal space is much too heavy. Especially since it will then wait for the phone call and lose a few seconds nra to perform the authentication itself (listening and repeating the magic phrase). E-merchants who complain about the fall of their conversion rates with 3D-Secure will definitely love it! So forget this choice a bit strange and do not keep in mind that the technical aspects of the experiment, which should confirm the operational viability of the voice authentication, and especially the position of the CNIL on a topic that is often seen as taboo in financial institutions. Yes, biometrics is possible in France, provided that all precautions are taken to protect sensitive data and that "the collection of such data is proportionate to the aim pursued," in the words of the opinion.
I am Patrice Bernard, passionate and responsible supply innovation Conix. This blog is intended to share and comment on the news on emerging technologies and practices in the financial services. nra I am speaking here as an individual and my writings are not binding Conix. Email: patrice bernard [at] Conix fr [.] [.]
american express nra android appstore nra insurance axa bank of america bank Postbank 2.0 bnp paribas BPCE citi cloud collaborative nra communication agricultural credit credit unions digital native data center development decision dematerialization e-banking e-commerce business fraud gab 2.0 forrester gartner google green it hpc hsbc computer c
No comments:
Post a Comment