As of March 30 of this year, the CNBV will require banks to capture the fingerprint of users who open an account or credit.
6 min read
The opinions expressed by employees are personal.
Mexico ranks eighth worldwide in identity theft ; Most cases are due to loss of documents (67%), theft of wallets and portfolios (63%) and information stolen directly from the bank card (53%), according to data from the Bank of Mexico .
Identity theft in financial institutions remains a difficult risk to combat, so as of March 30 of this year, the National Banking and Securities Commission (CNBV) will require banks to capture the fingerprint of the users who open an account or credit, in order to give more security in transactions.
The goal is that with this measure and the entry into action of the National Personal Identification Service, biometric information of more than 120 million Mexicans can be obtained in 2023 and the risks of identity theft are minimized, whether due to fraud or administrative errors .
“Registering our biometric data in the bank could be one of the simplest, free and safe mechanisms to shield transactions and ensure that each movement is made exclusively by the account holder,” explains Luis Madrigal, director of. “Although the law protects us against unrecognized charges, it is always better for each cardholder to take precautions to personalize and protect their plastics in case of theft, loss or cloning,” he adds.
In order to guide people who need to start paperwork with banks and financial companies as of March, the financial services platform gathers the main concerns about taking biometric data:
What are biometric data?
It is a trait of physical or physiological property (such as fingerprints or eye mark), of behavior or personality element (such as signature or writing) that corresponds to a person, which cannot be altered, in addition to being measured and verified.
Unlike a password that can be changed by another one, the biometric information (for example, the fingerprints, the face appearance or the voice bell) cannot be changed and gives access to the unique identity of a person, therefore it guarantees better safety, but also greater responsibility in its use.
What are the biometric data that the bank will ask me?
As of March, all persons requesting an account or credit must register their fingerprint; and later the capture of the eye iris, face and voice is foreseen.
In addition, with prior notice and consent of the user, the bank will verify these records with the database of the National Electoral Institute (INE) to verify the identity of anyone requesting to open an account or a credit line.
For the client, the process is very simple, free and should take less than 10 minutes. You only need to be present at the branch, identify yourself with the INE credential or passport. The fingerprints that are compared with those stored in the INE are taken and the facial fingerprint is recorded.
Is it safe to give biometric data?
Authentication with biometric data raises security measures to prevent identity theft, but hacks could still occur to commit crimes. A very important aspect is that when delivering this data, the user will be informed of who will have this storage and the power to request that their record be deleted when they decide to stop being a client of the financial institution.
Biometric information is considered as personal data and protected by the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and the General Law on Protection of Personal Data Held by Obliged Subjects (LGPDPPSO).
How should biometric data be used?
Once the biometrics are registered, they will be used when the client makes a face-to-face operation, such as desk balance inquiry, withdrawal for a more certain amount with a debit card or wish to open an account. The identification of the client will be compared with the records previously obtained, which will allow to detect any attempt of impersonation.
The main biometric data that will be taken from March in Mexico are:
1) Voiceprint . One of the increasingly common methods in banks such as Santander and Citibanamex. The frequency, speed and accent are verified with the voice imprint to match those of the enrolled client. This fixed password method takes less than 2 seconds to authenticate.
Some inconveniences of this system are the high cost that it implies for the institutions, as well as the permission that the banks must have on the part of the clients before recording voice records.
2) Fingerprint. Valid that the characteristics are equal to those registered in the INE. Banks such as Banorte, Banco Azteca and Citibanamex, among others, already make mandatory the use of the fingerprint at the branch when customers request account opening, consumer loans, in case of contract or cancellation of digital banking, request or delivery of credit card credit or debit, assignment of telephone service code or modification of general data.
3) Facial recognition. In this case, the traits of the captured face are identified and that they have the same distance between the pupils, position of the nose and dimensions against the characteristics recorded by the person. The BBVA and Banorte apps already have such a scheme thanks to authentication through selfies.