As digitalisation accelerates, mobile banking has become the dominant access channel for financial services, particularly among younger consumers. With this shift, financial institutions are prioritising data and transaction security to counter growing cyber threats.
In Thailand, where banking services are rapidly expanding, financial institutions are grappling with an increasing wave of cybercrime, according to Comarch.
Reports from Thai authorities indicate that over 20,000 online fraud cases were recorded in 2023, including phishing, identity theft, and unauthorised access to bank accounts. Fraudsters frequently employ deceptive tactics such as fake SMS messages impersonating banks and the exploitation of stolen biometric data to gain account access.
To combat these threats, banks are increasingly turning to biometric authentication methods, such as facial recognition and liveness detection, to enhance security while maintaining user convenience.
How facial recognition differs from a liveness check
Facial recognition is a biometric verification technology that identifies individuals based on distinct facial characteristics. In mobile banking applications, users take a selfie with their smartphone camera, and the system analyses their facial features—such as the distance between the eyes and the shape of the nose—against a pre-registered biometric template.
Liveness detection, on the other hand, is a fraud prevention measure designed to distinguish between a real person and a spoofing attempt using a photograph, video, or mask. This technology evaluates facial movements, skin texture, and responses to light stimuli to ensure the presence of a live user.
Both technologies are integrated into mobile banking apps to authenticate users during logins and transaction approvals, eliminating the need for passwords or PIN codes while bolstering security.
The technology behind biometric authentication
Biometric security in mobile banking relies on advanced machine learning algorithms, particularly neural networks. The face recognition and liveness detection process follows these key steps:
- Face detection: Identifies the user’s face in the camera feed.
- Normalisation: Adjusts the image for consistent analysis by accounting for lighting, positioning, and scale.
- Feature extraction: Identifies unique facial features and generates a biometric vector.
- Comparison: Matches the extracted features against the stored biometric template to verify identity.
For liveness detection, additional techniques—such as monitoring facial movements, analysing skin texture, or using depth sensors—enhance security. Given smartphone hardware limitations, biometric algorithms are optimised for performance.
Many employ transfer learning, where models are pre-trained on large datasets before being adapted for banking applications. Devices with dedicated AI processors, such as Apple’s Neural Engine, further enhance computational efficiency.
Ensuring biometric data protection
Thailand’s Personal Data Protection Act (PDPA), enacted in 2020, governs the processing of biometric data. Under this legislation, banks must:
- Obtain explicit user consent before collecting and processing biometric data.
- Implement robust technical and organisational safeguards to prevent unauthorised access or data breaches.
- Inform users of data processing purposes and their rights, including access, correction, or deletion requests.
These regulations ensure biometric data security and safeguard customer privacy amidst evolving cyber threats.
Regulatory framework for mobile banking security
The Bank of Thailand (BOT) has introduced stringent security regulations for mobile banking and payments, including mandatory liveness detection for high-value transactions. Key requirements include:
- Biometric authentication, such as facial or fingerprint scanning, for transactions exceeding THB 50,000.
- Implementation of presentation attack detection (PAD) to counter deepfake-based fraud.
- Remote customer identity verification using biometric matching and liveness detection.
- Additional risk management measures when liveness detection is insufficient for behavioural verification.
Financial institutions can deploy various biometric authentication technologies as innovations emerge, enhancing fraud prevention capabilities. However, some experts caution that biometric security alone may not be enough and advocate for additional behavioural analysis solutions to reinforce fraud detection.
The future of biometric security in Thai banking
As smartphone adoption continues to grow in Thailand, biometric verification is playing a crucial role in securing mobile banking services. By enabling secure and convenient authentication, these technologies reduce fraud risks, particularly identity theft. With cyber threats such as phishing and unauthorised account access on the rise, banks are increasingly leveraging advanced biometric algorithms and regulatory frameworks like the PDPA to safeguard customer data.
As technology evolves and user trust in biometric security strengthens, these solutions are set to become a global standard, ensuring that banks worldwide can provide seamless yet highly secure digital banking experiences.
Read the full blog from Comarch here.
Copyright © 2018 RegTech Analyst
