It was way back in 1969 when Reg Varney (of On the Buses fame) became the first person to withdraw cash from a hole in the wall at Barclays in Enfield, London. The cashpoint was ‘invented’ by John Shepherd-Barron OBE, but it is a lesser known fact that it was his wife who gave us the PIN.
The story goes that the PIN was intended to be six digits long but his wife could only remember four, so that number stuck and accordingly she became affectionately known at De La Rue (the company where Mr Shepherd-Barron works) as Auntie PIN.
Roll forward 48-years and whilst contactless is becoming more and more prolific, we all have our four-digit PINs. But is this about to change? If stories in the Australian media this week are to be believed then maybe so. The reports explain how Visa and the wider payments industry is working on plans to migrate from PINs to biometrics and that consumers in Australia may well see the technology before the year is out. Meanwhile, in the UK, TSB is reportedly planning to roll out iris-scanning for customers using its mobile banking app as soon as September.
It is no secret that I am not a big fan of biometrics and my scepticism is well founded. The consumer grade technology we have on our mobile devices is all about convenience rather than security, and it has been proven time and time again that it can be fooled. In fact, the latest voice biometric technology used by banks can be tricked, as a pair twins demonstrated in a recent episode of the BBC programme Click.
My concerns are not only for the protection of customers but also the banks themselves. The cost to upgrade every cashpoint with biometric readers will be huge, then there is the challenge of how to enrol customers on to the new system. Then what happens when they want to withdraw cash when in another country that isn’t using the system?
The huge positive is that banks and the payments industry are taking the need to improve security and usability for customers very seriously. However, we have put all our eggs in one basket before, with passwords and PINs and I fear that the same is happening again with biometrics. There are many solutions that can help banks take the next step without the huge costs, upheaval and the need to totally reinvent the wheel (or should that be hole in the wall!
