Mobile Authentication Case Study: bunq
bunq, based in Amsterdam, is one of the world’s first mobile-only banks. Since its start in 2015, bunq has risen quickly in popularity in its home country, and is quickly expanding across Europe, allowing its customers to set up bank accounts, make payments, and transfer funds to friends all from a single mobile app.
The Problem
The main problem bunq faced when launching its mobile app was how to secure mobile authentication to protect customer finances. To this end, the company decided to use biometric authentication to confirm users identities whenever they performed actions like high-risk transactions or resetting account limits. Originally the company chose face biometrics, as facial recognition was similar to taking a selfie, a process many people are already quite comfortable with and that’s supported on a wide variety of smartphones. They opted to not use built-in fingerprint sensors for transaction authentication because it would be limiting for their customer-base, especially if a user’s device didn’t include fingerprint capabilities.
However, bunq quickly realized that face has its own limitations and security concerns. Facial recognition isn’t the most secure biometric. It can perform adequately in ideal conditions, but when compared to fingerprinting or iris recognition, face biometrics are much easier to spoof and have higher rates of false rejection – when the application incorrectly rejects an authorized user’s authentication attempt.
Furthermore, facial recognition is highly impaired by poor environmental conditions. In dark lighting, for example, it can be difficult for the camera to properly detect the user’s face. It was also very inconvenient for customers to “take a selfie” in some situations where they needed to authenticate a payment, many of bunq’s customers reported. This led the company to consider alternatives.
Why Veridium?
In selecting an alternative to facial recognition, bunq discovered Veridium’s 4 Fingers TouchlessID – a contactless hand recognition biometric that could easily collect a user’s fingerprints using just the rear camera and LED flash of their smartphone. bunq embraced the use of hand recognition because it provides many benefits for both security and convenience.
Unlike facial recognition, this type of hand recognition doesn’t rely on ideal lighting conditions for authentication quality. And, when compared to single mobile fingerprint sensors they were able to get not just one complete print, but four, which makes it one of the most secure mobile biometrics on the market.
“With the camera on your phone you can scan the four fingers on one hand. The fingerprints, or the lines and marks on your fingers, are then converted into code. That’s actually a kind of password,” says David Van Damme of bunq. “The goal of the new method is to make payments easier, more user-friendly and above all, safer. The prints of four fingers are a lot safer than a [single] fingerprint.”
“Our commitment to giving people control over their money again requires the latest technology and biometric authentication solutions. With 4 Fingers we guarantee an easy-to-use and safe banking experience in which users have access to real-time data.”
Ali Niknam, bunq CEO and founder
The Benefits
With 4 Fingers TouchlessID, bunq was able to eliminate environment as a weak point, as well as ensure high-quality fingerprint capture every time a user needed to authenticate. This saw instances of failed mobile authentication attempts drop by 80 to 90 percent, especially when customers were attempting to make transactions in dark lighting. Furthermore, the number of attempts a customer had to make before successful authentication fell by almost 40 percent, with the average user seeing successful authentication on the first attempt.
While the bunq app still allows users to use face or a passphrase for authentication, they found that a vast majority immediately made the change to hand recognition when the option became available, with only 2 percent still using face, and another 19 percent using a passphrase. Additionally, the app uses a risk assessment system, which is able to determine when authentication with 4 Fingers is needed and when a user can use a weaker form of security.
Learn More
Learn more about how VeridiumID and 4 Fingers TouchlessID helped bunq overcome the challenges of authenticating financial transactions in our webinar with bunq’s David van Damme.