Authenticating Transactions using Bank-Verified Biometrics

In this paper, we propose a scheme by which banks can collect and verify biometric data eg, fingerprints, directly from their customers and use it to authenticate their transactions made through PoS/ ATM/ online console. We propose building a network of computers called BioNet to allow such transactions to be made online across the world. A BioNet server will be able to do 4 million transactions per second using GPU.

💡 Research Summary

The paper proposes a novel architecture, called BioNet, that enables banks to collect, store, and verify biometric data—primarily fingerprints, but also potentially iris or facial features—to authenticate financial transactions worldwide. The authors argue that traditional knowledge‑based authentication (passwords, OTPs) suffers from phishing, credential stuffing, and user‑experience drawbacks, and that biometric verification can provide a stronger, user‑friendly factor. The system is built around three pillars: secure biometric enrollment, a high‑throughput matching infrastructure, and end‑to‑end encrypted transaction flow.

During enrollment, customers present their biometric traits at a bank branch or via a dedicated mobile scanner. The raw sensor data is immediately hashed with a salt using SHA‑3 and stored inside a hardware security module (HSM) to ensure that the original biometric template cannot be reconstructed. The paper stresses that the enrollment process must be accompanied by explicit user consent and compliance with regional data‑protection regulations (e.g., GDPR, Korean PIPA).

BioNet itself is a globally distributed network of data‑center and edge nodes, each equipped with modern GPUs (the authors cite NVIDIA A100 as a reference). They claim that a single GPU‑enabled server can perform up to four million fingerprint match operations per second by combining deep‑learning based feature extraction with a fast Euclidean distance comparison. The matching engine runs as a containerized micro‑service orchestrated by Kubernetes, allowing horizontal scaling, automatic failover, and rolling updates without service interruption.

When a transaction is initiated—whether at a point‑of‑sale terminal, an ATM, or an online checkout—the terminal captures the user’s biometric sample, encrypts it with TLS 1.3, and forwards it to the bank’s BioNet endpoint. The server retrieves the stored template for the account, runs the GPU‑accelerated matcher, and compares the similarity score against a pre‑defined threshold. If the score exceeds the threshold, an approval token is generated and returned to the terminal; otherwise, the transaction is rejected and an alert is raised. The authors also describe a fallback to secondary authentication factors (e.g., PIN) in cases where the biometric match fails due to sensor noise or temporary physiological changes.

Security measures extend beyond the matching stage. All data in transit is protected with post‑quantum‑resistant signatures, while at‑rest data is encrypted with AES‑256‑GCM. The system employs data sharding and replication across multiple geographic zones to achieve both high availability and compliance with data‑locality laws. The paper outlines a governance framework that includes regular biometric template rotation, audit logs, and strict access controls to mitigate insider threats.

Despite the ambitious performance claims, the paper lacks empirical validation. No benchmark results are presented to substantiate the four‑million‑TPS figure, nor are power consumption, cooling requirements, or cost analyses discussed. The impact of biometric variability—such as cuts, moisture, or sensor degradation—on false‑negative and false‑positive rates is not quantified. Moreover, the authors do not explore privacy‑preserving techniques like homomorphic encryption or differential privacy that could further protect biometric data in the event of a breach.

In summary, the paper introduces a compelling vision for biometric‑based transaction authentication that leverages GPU acceleration to meet global transaction volumes. It outlines a comprehensive technical stack, from secure enrollment to distributed matching and robust cryptographic protections. However, the proposal remains largely theoretical; practical deployment would require extensive field testing, detailed cost‑benefit analysis, and stronger alignment with privacy regulations before banks could adopt BioNet at scale.