Barclays Bank in the U.K. will begin using a finger vein scanner to identify its customers. The move comes after a wave of hacks on financial institutions that have demonstrated how feeble password and PIN protections have become.
The bank will send the small portable device to its customers who want to do their banking online. It will function as a form of two-factor identification. Users will punch in their pass word or account details, and then be required to confirm their identities by sticking their fingers into the scanner, a separate device from their computer.
Barclays customers have already been using a separate portable device, the PINsentry, the access their accounts online. Users log in, then insert their debit cards into the PINsentry to retrieve another code number, and can only proceed with transactions once the web site is satisfied that the user, the card and the PINsentry code all came from the owner of the account.
Here is a PINsentry:
The vein scanner will be even more secure, Barclays says: “The compact device can read and verify the users’ unique vein patterns in the finger. Unlike finger prints, vein patterns are extremely difficult to spoof or replicate. Barclays will not hold the user’s vein pattern and there will be no public record of it.”
Here is a closeup:
Barclays finger vein scanner
The device will require users to make sure they don’t lose any of their fingers, the Guardian noted:
Customers will first have to register a finger – Barclays is recommending the index finger, plus a back-up digit should you be careless enough to lose or damage the first choice. The unique vein pattern in the finger will then be held on a sim card that is added to the reader. Barclays itself will not store the data.
The device then scans the unique pattern of veins inside your finger to confirm that it’s actually you:
Japan, Turkey, Russia and Poland already have banks using vein scanners to confirm IDs, the Financial Times says.