During an informal chat about technology and the implications for security, he told iTWire that banks had to consider how much market share they could gain before being the first to venture into new technology. Due to intra-industry competition, factors like cost of delay to market, potential financial and reputational losses if they are hacked and the ability to recover should they be compromised also had to be evaluated.
"The reality of it is that the cost of adding in security features may be more than the potential loss the organisation faces," Cookes said. "So it's possible that businesses will be deciding between accepting a loss and fixing the issue, depending on how badly their reputation is affected.
"Specifically, with banks, most can recover financially from hacks as the money is transferred from one account to another. So if the bank catches this in time they are able to reverse the transfer without any financial loss to the victim or bank."
"We now use fingerprint authentication and app-based one-time password authorisation as security mechanisms for mobile banking, which is widely used across all four major banks and is more secure than PC passwords. With that in mind, there is no doubt that in the near future banks will begin to move towards facial authentication as the preferred method for security."
He favoured biometric authentication and app-based OTP authorisation when it came to online banking. "People's biometrics are unique and with proper security measures in place, such as two-factor authentication, it can be very difficult to breach," Cookes said.
"That being said, nothing is perfect when it comes to security and nothing is 100% secure. For example, facial recognition can be used to authenticate a user with extreme physical detail, but in order to get a 100% positive authentication it could take more than two minutes to scan someone's face.
"In the consumer world, nobody will wait two minutes in order to access their online banking, so the security measures needed to be scaled back to work within five or ten seconds; this allows the chance for people to falsely authenticate and gain access to bank accounts."
He said improvements were possible only with proper education. "Educational awareness is a big part of security today. Many people still don't understand the difference between fingerprint authentication on a phone versus password authentication on a PC. It's surprising to see that most people think PCs are more secure than phones and that fingerprint recognition is gimmicky and less secure."