Banks Bet Big on Biometrics as N.Y. Cybersecurity Rules Loom


New York is the well-known capital of the financial world–sorry London, Hong Kong and Tokyo. Big banks, investment firms and law firms all help make the city, if not the state, the breeding ground for innovative thinking. But if the big banks aren’t careful they can be a prime target for hackers. 

The new cybersecurity rules, which take effect March 1, requires banks, insurance companies and other financial institutions regulated by the New York Department of Financial Services (NYDFS) to establish and maintain a cybersecurity program meant to protect consumers and ensure the safety of the state’s financial services industry.

One provision of the NYDFS cybersecurity rules requires covered entities to use multi-factor authentication “to protect against the unauthorized access” of confidential and other protected systems information. 

Some banks aren’t waiting until the March 1 implementation deadline to enhance their cybersecurity.

The Royal Bank of Scotland Group Plc, along with behavior biometrics company BioCatch, have already employed multi-factor authentication technology in anticipation of the upcoming NYDFS cybersecurity rules. Kevin Hanley, director of innovation at RBS and NatWest, told Bloomberg BNA that the technology works by tracking multiple variables of a user’s biometrics—fingerprints, typographical keyboard strokes, timing and other attributes—to detect any anomalies throughout a consumer’s experience.  

Although the rules have seen pushback from some in the financial community, requiring banks and others to have increased cybersecurity protections can only benefit consumers. Now they’ll just have to work on financial sector privacy issues.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.