Bofa Patent for Authenticating Mobile Transactions Includes Voice Biometrics
In early October, the U.S. Patent and Trademark Office issued a broad patent to Bank of America covering “A method for conducting a financial transaction can be used by a person using a mobile device to conduct the transaction.” The claims associated with the patent include description of processes that support many of the guidelines issued by the FFIEC (Federal Financial Institutions Examination Council) in 2005 regarding strong multifactor authentication of Internet-based transactions. Chief among those recommendations, which were updated in a supplement that was issued in June 2011, was the need for constant risk assessment and application of strong authentication for high-risk transactions.
The seven inventors at BofA applied for their patent in December 2007. The claims that resonate strongly with the FFIEC guidelines include a layered approach to authentication. The document defines a hierarchy of required authentication levels based on the characteristics of the person using the device and the level of risk associated with a given transaction. The patent also specifies mobile devices that are equipped with hardware, software or sensors that can read biometric information about the person in possession of the phone or other mobile device.
That biometric information can include fingerprint information, voice validation information, facial recognition information, and iris scan information. It can be invoked based on the level of risk assigned to a particular transaction or information query on a device that can be “configured to be used in connection with the payment card to complete the financial transaction, wherein the recognition feature recognizes the payment card.”
Many of these claimed methods seem to describe what people are already doing as smartphones morph into electronic wallets. But what seems to be most interesting (if not “unique and unobvious”) is explicit inclusion of biometric information in the authentication process that takes place at the point of sale when a mobile device is used. Whether assigning intellectual property rights regarding this activity to the Bank of America serves to accelerate or put a chill on future deployments is a mystery. Still it shows that one of the largest commercial bank in the U.S. recognizes that biometric information is vital to strong, multi-layered and multi-factor mobile authentication.