High-risk bank transfers to unregistered accounts are a primary target once attackers gain access through phishing or credential compromise. To mitigate this risk, biometric facial verification is often introduced as a step-up control at the moment of transaction authorization.

This session shares real-world lessons from deploying biometric controls in this critical moment within a large public retail bank in Latin America. The initial rollout focused on individual customers, where early friction eventually stabilized. As the same controls were later extended to corporate accounts, new challenges emerged: high-volume payment days, time pressure, and delegated operators executing transfers on behalf of authorized account holders.

The session explores how fraud-driven security decisions exposed deeper identity and authorization gaps, what assumptions failed when scaling from retail to corporate use cases, and how thresholds, flows, and policies had to evolve to balance fraud prevention, usability, and real-world banking operations.