Banking transactions in palm of your hand

Financial companies have been introducing payment systems using biometric identification that will relieve the burden of carrying wallets when going to the nearby supermarket or simplify the process when wiring money through mobile banking apps.

Woori Bank last week introduced an iPhone mobile banking system that reads individual fingerprints for mobile wire transferring and payments. The same system that will run on Samsung smartphones will be introduced at the end of this month.

Woori is not the first to provide a service where fingerprints replaced the authenticated certificate that is required in financial services. However, it is the first bank to replace security cards or the one-time password (OTP), which is a security system that automatically generates a sequence of numbers that authenticate the user. This opens up opportunities to wider financial services including wire transferring or subscribing to new financial products by simply placing one’s finger on the mobile device.

The fingerprint recognition system is limited to more recent mobile devices like the iPhone 5S and above or Samsung Galaxy S6 and higher. Additionally if the person hurts his or her finger or the finger print is damaged, access will be denied or limited.

This is the reason financial companies have been considering using other body parts in their biometric securities system such as the vein in the palms, which like fingerprints are unique for every person.

Lotte Card is planning to launch a trial service where veins in a palm will be used in a payment system. The biometric payment system will be tested at Lotte Mart and its storage-like wholesale brand Big Market. This system is expected to replace Lotte’s plastic card if implemented.

“After we test the system and if it receives positive reviews we plan to expand to other Lotte retail affiliates,” said a Lotte Card official.

However, because the machine that reads palm veins is expensive it is expected to take time before it is applied to all branches of Lotte Group’s retail businesses.

Shinhan Bank is the first financial company to adopt the palm vein authentication. The company installed the palm vein reader at the digital kiosk ATM machine at the bank’s smart lounge in the bank’s headquarters in December 2015. Since then more than 10,000 customers have registered their palm vein in the machine’s databank.

NH Investment & Securities recently adopted a system in all of its branches where clients use their palm veins in accessing all of the brokerage firm’s financial services. Previously the clients would have to show their identification card or brokerage cards for access.

Now, all they have to do is place their palms on a device for registration.

“We’re the first [in the local] financial industry to split the information on a client’s palm vein with the bio information management center at the Korea Telecommunications & Clearings Institute,” an official at the NH Investment & Securities said. “It reduces any concerns over private information being leaked out.”

BC Card in the first half of this year plans to introduce a mobile payment system using voice recognition system. Instead of punching in passwords when paying via smartphones, the person only has to speak into the smartphone, which will analyze the voice.

Even if the person catches a cold and their voice changes slightly, the system reads the person’s speech pattern before authenticating. The user, when registering for the service for the first time, needs to speak into the smartphone seven times.

“The finger authentication can only be used on the latest smartphones that provide such services but the voice recognition system can be used on all smartphones,” said a BC Card official. “However, the payment will be only applied to those that are 300,000 won [$263] or less.”

Woori Bank and IBK have applied a retina recognition system on its smart ATMs.

The industry continues to enhance the security feature of these technologies to prevent copies or hacking.

One of such efforts is storing half of the biometric information of clients at the Korea Telecommunications & Clearings Institute.

That way, even if either the financial institution or the Korea Telecommunications & Clearings Institute is hacked, the obtained information will be rendered useless.

But even with such security efforts, they may not be 100 percent secure.

“Because hackers continue to find the weak spots in securities, it is not impossible for data to be tampered or leaked,” said Hwang Jong-mo, head of the securities research team at the Financial Security Institute. “It should be the efforts of the system developer, the financial companies and the institute that verifies the biometric data.”

BY HAN AE-RAN [lee.hojeong@joongang.co.kr]