The implementation of a multipurpose access control system becomes much more relevant in the current digital context.
by Ricardo Vernizzi*
Financial institutions must be at the forefront of technology and ready to face the challenges in a world where digital is becoming increasingly important and in which challenges such as protecting data integrity, combating cyber threats and offering secure and convenient solutions to users, are needs of the first order.
In that sense, one of the possibilities offered by current technology is to allow access control systems that were exclusive to authenticate staff and protect bank spaces, today can be used in functions beyond security, with the aim of improving services and offering a better experience for both employees, and for customers.
With the same combination of solutions such as readers, controllers and mobile credentials, it is possible to manage access and identify the presence of employees and customers, thus obtaining a large number of benefits.
The implementation of a multipurpose access control system becomes much more relevant in the current digital context, of which the financial system is not alien, bringing with it valuable information and data for entities.
In addition, the customer profile is constantly evolving and increasingly acquires more practice in the use of mobile applications to make their experience more similar to the digital channels of frequent use.
At the same time, as a result of the pandemic, physical branches were reduced in number or implemented the hybrid work modality. As an example, Citibank activated this work feature as a rule, implementing three days per week of work with physical presence within its offices.
Likewise, the branches of some banks are offering additional services such as "Work Café", in the case of Banco Santander, or co-working spaces in general. In future perspective, some entities already rely on overnight stay services for the millennial public, which was unthinkable just a few years ago.
The "Phygital" universe
The current market is in the ability to offer multipurpose readers, technology that, despite being digital native, also allows the use of physical credentials.
The term "Phygital" refers to the connection of these two environments: online and offline, that is, it combines the digital experience of customers and employees with physical spaces.
This feature allows different integrations with the mobile device to be used by users and ensure higher levels of security, for example, authentication to access branches outside banking hours and use their ATMs.
Thanks to technologies such as the Beacon that some access control readers bring, the presence of the user can be detected. This feature can translate into many benefits, not only for banks, who can now know exactly who is in their locations, but also for customers, who can streamline procedures such as automatic check-in or appointment assignment.
Readers take advantage of the advantages offered by the geolocation of mobile devices to warn of the presence of a user within a branch, it is important to clarify that the recognition protocol is activated only when it is close to the reader, it also uses the same permissions and requirements that users adhere to when they use their location to find the nearest branch.
Likewise, the client can enter the physical facilities without being mediated by security personnel – thanks to this combination of experience – and has the opportunity to manage or access new services through the mobile phone in a fluid and uninterrupted way, interacting through its App, which communicates with the access control system and this in turn is integrated with the bank's systems and Your business rules.
In the case of employees, this combination of technology can be used to control access to certain areas of the bank, preventing entry into restricted areas. It also brings a series of advantages for entities, in terms of managing their workflows with employees and collaborators, in addition to the fact that they can better organize work schedules and measure the availability of their spaces regarding the hybrid work issue and the reduction of physical headquarters.
Biometrics: better experience and greater security
Any increase in comfort and user experience requires at the same time an increase in security, so biometrics is present in these new processes, since it is a reliable method to establish the authentication of true identities.
Thus, the security standards with this technology available to everyone increases by using at least two identification factors: PIN, facial recognition, fingerprint scanning, etc., avoiding impersonation, which can be facilitated with a physical credential when lent to another person.
Today, most smartphones are biometrically enabled: a person can do a face scan and link that image to enable phone unlocking.
There are reliable processes for digitally verifying the identity and address of the customer: the KYC (for its acronym in English, Electronic Know Your Customer). To anchor trust remotely, for example, the user could simply use their smartphone to take a photo of their government-issued ID and a facial scan (selfie).
The document reading software checks the identification, while the biometric comparison compares the selfie with the photographic image of the document.
The bank's customers can use their face to validate the transaction and identity and the touch of a finger to validate the intention to sign, for example.
Secure data under legal regulation
There are legal regulations that protect the privacy of people's data: these regulations are focused on the protection of users of financial systems and are strictly complied with.
In that sense, the client grants or not permission to the banks at the time of installing the application. According to industry data, 90% of customers accept it because they require security at the time a transaction is made from an unusual place, etc.
In addition, the manufacturer never interacts with the information provided by users or customers, a changing code is used to make secure transactions in digital channels.
The rules are clear: for example, in the United States, the recent Illinois Biometric Information Privacy Act, or BIPA, defines the ethical scope and appropriate use of this technology, so users can have some peace of mind.
In Europe, the GDPR that encompasses the protection and privacy of people's data and Open Banking, that is, the opening of information, under prior authorization of the user, with other entities, to streamline loan or financing processes, among other benefits, and PSD2, regulations focused on the protection and security of consumers in the payment market, They are considered the standards for privacy and data protection.
To preserve customer trust, financial institutions must be prepared for future needs, in order to combat cyber threats, protect data integrity, and at the same time create a secure work environment for employees and customers.
Thus, by implementing this technology that connects with the investments made by banks in terms of Artificial Intelligence, Big DATA, IoT and biometrics, the areas of IT technology and security can already invest together.
This ensures that every mobile, online and physical branch transaction is reliable, affordable and at the forefront of the highest security standards.
* Ricardo Vernizzi, director of business development at HID Global for the financial sector.