Authentication: Natixis Testing Biometric Identification

• The CNIL has just approved Natixis’s request to trial a biometric USB key letting its customers identify and sign their online transactions. This key would be a means to fight identity spoofing, and is intended to replace traditional IDs and passwords. Testers first have to initialise their key through storing their fingerprints and registering their certificate from Natixis’s website.

• For future transactions, once authenticated on the group’s portal, customers would insert their key and opt for certificate-based authentication or signature: the dedicated sensor allow them to prove their identity.

• This solution designed by Natixis’s Lab Cash Management, relies on an external device that the customer has to pick up in person to secure sensitive transactions (insurance, funds transfers, etc.) and operations initiated by companies’ treasurers.

Source: Natixis press release

• As the number of online attacks keeps increasing, banks and other payments players have to resort to innovative devices to improve their customers’ confidence: this new solution mainly intended for business contexts, is unique on the French authentication market as it relies on biometrics.

• User data only get stored on the key, and the bank does not have to handle it which explains why the CNIL, opposed to central sensitive data storage, did approve this test phase. The key can only be used on fixed workstations, and does not concern mobile devices. For this standpoint, Natixis has been testing mobile signatures since March 2011 through mySignature feature built-in its myCashManagement app.

• Finally, a March 2000 French law provides the same legal value to digital signatures as handwritten ones.