Volver

Banks in Mexico comply with biometric validation, but fraud risk continues

  • In 2021 the deadline expired and banks must capture biometric information of their customers.
  • Digital onboarding in Mexico is more complex than expected
  • Digital security continues to be compromised despite efforts to do so
  • Fingerprints, facial and voice recognition, some digital security measures of banks in Mexico.
  • The challenges of authentication as a national security issue.

The digital acceleration of 2020 caused almost 13 million people to integrate banking transaction services remotely through applications from their mobile devices.

Mexico went from 24 to 31 million users in just one year, according to data from the Association of Banks of Mexico (ABM), and by 2022, it is expected that 23 million more people will join this alternative of financial control in the palm of your hand.

However, although the growth is remarkable, it is not so great if you put it in perspective with other countries such as Argentina. During the pandemic, an average of 1,000 users a day were registered in Mexico, while in the South American country the figure was 50,000 new digital banking accounts.

And the key is the onboarding of the user to digital banking. While in Argentina the customer scans his or her identity document, obtains a biometric profile and sends it to the National Registry of Persons for validation, in Mexico the process is more complex.

Increasing fraud

The accelerated increase in electronic frauds tightened security measures for financial transactions. Laws such as those of Credit Institutions, the National Banking and Securities Commission and Financial Technology Institutions were reformed to prevent illegal transactions.

The countdown arrived and banks in Mexico had to update their systems to collect biometric information from customers for transactions over 9,600 pesos, among other banking services.

As of March 2021, once the extension that the government extended to banking institutions to complete the requirements was over, the agreement to the reforms published in the Official Gazette of the Federation became official.

Digital banking, is it safe?

The 51 commercial banks operating in Mexico were required by law to update their systems to take biometric data from their users, a simple process, lasting no more than 10 minutes, in which the customer is digitally enrolled to authenticate his or her person.

Today, each bank captures six fingerprints, a mandatory measure for opening accounts, consumer loans, contract or cancellation of digital banking, application or delivery of credit or debit card, allocation of telephone service key or modification of general data.

The objective of the measure is to reduce identity impersonation for the request of the mentioned services. The samples are checked against the fingerprint database of the National Electoral Institute (INE), the only government institution with the corresponding information.

Safety in question

It is true that the government is making an effort to reduce electronic fraud in Mexico, but the process still falls short when it comes to authenticating users. Even if the bank correctly performs the biometric validation process, no one ensures that INE’s database is not already compromised. In almost every election, frauds of deceased people who even cast their vote have been detected, just to mention some of the irregularities proven about the Institute.

Some financial institutions have made an effort to collect other types of biometric data to provide more security filters for their users’ transactions. Facial recognition systems have been implemented through the camera of the mobile device or voice recognition, which were already used in Mexico and allow the user to perform certain types of transactions via telephone.

The problem is that the effort is in vain, since the information is matched against a limited database that only has a record of people’s fingerprints, as well as a photograph, without advanced biometric data such as iris, retina, face or proof of life, to mention some of the measures currently used in the world.

The current outlook

Banks such as BBVA Mexico and Banorte already have facial recognition systems through their mobile applications. They identify facial features, pupils, nose position and dimensions. Their use is not mandatory, but they are constantly inviting users to biometrically validate their accounts.

The fingerprint was already in common use at Banco Azteca, Citibanamex and Banorte, banks where users use their own finger to authorize withdrawals and other transactions at teller windows and ATMs. These are the institutions with the largest number of fingerprint verification units in their branches throughout the country.

Voice recognition, or voiceprint, is another biometric validation measure, although it is not very popular among banking institutions, due to the high cost it represents and the series of permissions the user needs to grant to access the service.

Digital banking challenges for 2022

The digital acceleration of 2020 brought millions of users onto the digital banking train, who now enjoy the convenience of making and receiving deposits from their cell phones, avoiding transfers and above all contact with other people.

Banks complied with the regulations approved by the Mexican Congress. Today, users have to comply with certain biometric validation requirements to carry out many procedures and use services.

It is up to the Mexican government to invest in the necessary infrastructure to create a national system for registering people with all kinds of biometric samples that will allow banks and other financial technology institutions to provide greater security benefits to their customers and users.

The future is authentication

Biometric authentication is the future of cybersecurity. The trend indicates that more and more services are integrating the validation of their users, some of which include the registration of their reputation.

This information is essential for the correct use of the many services with risk of fraud that can be accessed electronically. Little by little, the information that we throw out could create complete profiles of the type of customer being served or even for companies to get to know more about the employees they recruit.

In April 2021, the Senate approved the creation of a National Registry of Mobile Telephone Users, which will oblige companies to obtain biometric data for opening new telephone lines, since it has been identified as a means used by organized crime to commit crimes, extortion and fraud.

Countries such as Colombia have relied on companies such as ReconoSer ID to offer advanced biometric authentication services to create a citizen registry for the benefit of national security.

Telephony services will join banking and financial technology services to biometrically authenticate their customers. But if we continue to match fingerprints alone against a database with compromised security, the risks will continue. Mexico’s authentication infrastructure needs to grow; it is everyone’s job.

By Alfredo Gutiérrez Bayardi

Bibliography

Secretaría de Gobernación. (Mayo 2021). Diario Oficial de la Federación. Octubre 2021, de Secretaría de Gobernación Sitio web: http://www.dof.gob.mx/nota_detalle.php?codigo=5619057&fecha=21/05/2021

Condusef. (Diciembre 2020). La banca biométrica. Octubre 2021, de Revista Condusef Sitio web: https://revista.condusef.gob.mx/2020/12/la-banca-biometrica/

Antonio Hernández. (Enero 2020). “Retiros mayores a $9 mil 600, con huellas”. Octubre 2021, de El Universal Sitio web: https://www.eluniversal.com.mx/cartera/retiros-mayores-9-mil-600-con-huellas

Édgar Juárez. (Agosto 2021). “En México, procesos retrasan onboarding digital bancario”. Octubre 2021, de El Economista Sitio web: https://www.eleconomista.com.mx/sectorfinanciero/En-Mexico-procesos-retrasan-onboarding-digital-bancario-20210829-0083.html

Darinka Rodríguez. (Abril 2021). “México exigirá el registro de datos biométricos para contratar una línea de telefonía móvil”. Octubre 2021, de El País Sitio web: https://elpais.com/mexico/2021-04-13/mexico-exigira-el-registro-de-datos-biometricos-para-contratar-una-linea-de-telefonia-movil.html

Banco Santander. (2020). “Biométricos”. Octubre 2021, de Banco Santander Sitio web: https://www.santander.com.mx/personas/regulacion/biometricos.html

Banco Azteca. (2019). “Driver Huella Digital”. Octubre 2021, de Banco Azteca Sitio web: https://www.bancoazteca.com.mx/empresas/banca-empresarial-azteca/driver-huella-digital.html