mother's maiden names...

Perry E. Metzger perry at piermont.com
Wed Jul 13 12:26:52 EDT 2005 

A quick question to anyone who might be in the banking industry.

Why do banks not collect simple biometric information like photographs
of their customers yet?

If I walk into a branch complaining that I've been robbed and that I
don't have my bank card any more, the branch manager will look at some
externally generated credential (like a driver's license) and ask me
something like my mother's maiden name. Of course, my mother's maiden
name is widely available in public records, and bank clerks aren't
well trained in identifying forged licenses (though presumably they
are rare).

Why is it, then, that banks are not taking digital photographs of
customers when they open their accounts so that the manager's computer
can pop up a picture for him, which the bank has had in possession the
entire time and which I could not have forged? Heck, that would also
provide a secondary check for a teller when processing an in-person
transaction -- the customer's picture could just come up as soon as
you open their account and you could eyeball them. Digital cameras are
also pretty cheap, and opening an account is a sufficiently tedious
manual process that another few seconds would make no practical
difference to the customer or bank employee.

My guess is that the reason is a) they've never done things this way
before and b) fraud rates are low enough that they haven't had the
stimulus.

However, I think it is something people might want to consider in
designing security systems for institutions like this. Photographs,
iris scans, fingerprints, etc. are all awful ways of handling
identification over the internet, but they work very nicely if they
can be checked in person by someone. If you need to have a good sense
that you are in fact talking (in person) to the real customer, a
picture and/or digitally stored fingerprints collected when the
account was opened seem like a simple and cheap way of improving
security.


-- 
Perry E. Metzger		perry at piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list