How Financial Organizations can Keep Biometric Data Secure

February 12th, 2018 | security & compliance

Safeguarding information with a “something you know” password, no matter how complex, cannot prevent a data breach. Instead, companies are now implementing “something you are” passwords such as fingerprints and facial patterns, or biometrics, as part of their multi-factor authentication approach.

However, as biometric authentication becomes increasingly common in the financial services industry, employees and customers are beginning to show reluctance to comply with these new security measures.

And rightfully so, considering they can always change their password or get a new ID badge, but they can’t change their fingerprint or facial geometry. When adopting “something you are” passwords, it is crucial that companies understand how to safely store biometric data to ensure that they aren’t subjecting their employees to identity theft.

Here are five ways companies can secure biometric data:


When implementing biometric passwords, the first question that comes to an employee’s mind is “who has access to my fingerprint?” The answer should be a select number of individuals who have privileged and limited access to company and employee data. In essence, the fewer people who have access to employee biometrics, the better.

Encryption

It is important for companies to encrypt all biometric data. This can be done through the use of a cryptographic key. By encrypting fingerprints, facial geometry, voices and other features, companies can keep malicious insiders and outsiders from replicating or using employee biometric information.


Since there are such risks associated with using biometrics, companies need to carefully consider whether they are even necessary for the information they hope to secure. In other words, not every data set needs biometric protection. In fact, the less biometric data you need to store, the less risk you create. With that in mind, reduce the amount of biometric data that you store by prioritizing which groups of data require biometric protection.


Businesses are using biometrics as part of a multi-factor authentication system – a layered security approach that combines passwords and biometric technologies, among other factors, to limit access to critical information. But the multi-factor authentication system is actually part of a larger identity and access management strategy. If you don’t have one already, introduce an identity and access management solution to your security system that allows users to monitor who is accessing sensitive information. An identity and access management solution will notify admins if a suspicious user is attempting to log into a company account.


Rather than reworking your entire cybersecurity strategy, integrate biometrics into your existing systems. Work with your planning committee to introduce biometric passwords one step at a time. Be sure to set quantifiable goals to measure the system’s performance at each level of integration.

Before introducing biometrics, it is crucial that companies understand the risks associated with storing and managing thousands of employee fingerprints, facial patterns and other types of personal data. Through careful and well-planned integration and implementation, financial services companies can safely and successfully adopt “something you are” passwords.


About the Author

Alvaro Hoyos leads OneLogin’s risk management, security, and compliance efforts. He also works with prospects, customers and vendors to help them understand OneLogin’s security, confidentiality, availability, and privacy posture and how it works alongside, or in support of, customers’ own risk management models. Alvaro has over 15 years in the IT sector and, prior to joining OneLogin, helped startups, SMBs, and Fortune 500 companies with their security and data privacy compliance efforts. His commentary and articles have been featured in several publications, including CIO, CSO, Network World, Infosecurity, eWeek, and Help Net Security. Alvaro is a member of the Forbes Technology Council and has a B.B.A. in M.I.S. and an M.S. in M.I.S. from Florida International University.
