Could biometrics eradicate banking fraud?

Last year, the British banking industry lost a little over £450m in card fraud - a greater amount than in any year aside from 2005, 2007 and 2008. Although the introduction of chip and PIN technology has greatly reduced the amount of counterfeit card fraud, the majority of fraud continues to take place online. Combined with telephone and mail order fraud - online fraud accounted for £300m of the £450m lost last year - and the industry is showing no signs of getting on top of this.

Today's news that Barclays is to announce biometric vein-reading technology for its business banking customers next year could be the start of something that will eventually help the banks push back on online fraud against private customers.

The Barclays technology will force business customers to place their finger in a reader - Minority Report style - before being able to log in to their internet banking. The reader won't scan your fingerprints. Instead, it will monitor your vein pattern. Thankfully, the vein technology relies on the finger being attached to a live body - so there will be nothing to be gained by chopping off people's fingers. And on the face of it, this looks like the best attempt yet at creating something secure but convenient for customers in the world of banking.

Giving the finger to card fraud

Although secure access to your online banking facilities is critical, a more interesting application for this technology would be to use it to verify online payment transactions. If every household had a vein reader at home, we could complete our Amazon purchases by touching our finger onto it, rather than having to squint to find the last three digits on the back of our credit card.

Whether or not such technology becomes mainstream will of course come down to the cost. The readers will have to be cheap enough that banks feel they can pay for themselves over time. And such technology would also need to be nimble enough to be integrated into mobile devices - which now account for an ever growing proportion of online transactions.

As with all fraud prevention technology, it's also important that banks take the time to look for any possible ways of it being compromised. Although biometric readers look very secure, banks need to be sure there are not ways of overriding them.

When Chip & PIN was introduced, the banking industry regularly claimed that the system was full-proof - insisting that if the correct PIN had been used with a card, then the transaction must have been made by the card's owner or, alternatively, the cardholder must have been negligent and let someone discover their PIN.

But researchers at Cambridge University quickly debunked that myth, proving they could override the system by convincing the PIN reader that the correct PIN had been entered when it hadn't. Biometric systems will surely be open to similar attacks - and it is vital that once such new technology is rolled out, that customers are still presumed innocent if they end up becoming victims of fraud.

Nevertheless, if biometric readers work, they could be the perfect combination of secure and convenient.