Timeline
May-Sep 2022 (5 months)
Team
1 PM (me), 2 Engineers
My Role
End-to-end Product Management, Stakeholder Alignment, Authentication and Identity System Management, Data privacy and Security Framework Design, Regulatory Compliance Navigation
Banks and airports had deployed biometric systems, but operated independently with different customer data privacy regulations.
Travelers who had already enrolled biometrics at banks showed confusions at the biometric check-in at the airports, generating ~20 mins bottleneck at airports.
- Use an intermediary (KFTC, my company) for infrastructure operational efficiency across 12 banks and 14 airports
- Identified phone number as the safest interoperable identifier
- Defined the phone number management framework; update, reconfirmation
Eliminated ~20mins of airport check-in bottlenecks to less than 5 mins
Drove adoption of biometric airport check-in to 500K enrolled users within one year
With phone number verification add-on, accuracy level remained safe
Both banks and airports in South Korea had already deployed biometric (palm vein) systems but they were operated independently. Among 7M+ customers who had already enrolled in biometric systems at banks, yet still faced 20-minute check-in delays at airports, assuming the two distinct systems would carry over.
20+ minutes delay per airport check-in, creating bottlenecks during peak-hour
7M+ banking customer biometrics stored and utilized in financial services only
.png)
Banks and airports both used 'palm vein' for the main biometric data. Banks deployed the systems in the kiosks to identify the customer identity, whereas airports leveraged them at the check-in systems.
- I worked with vendors whose biometric models were independently evaluated through national testing bodies (e.g., U.S. and Korean biometric test centers) to establish baseline accuracy and reliability.
- As the PM, I then defined deployment guardrails—including acceptable accuracy thresholds and zero-tolerance criteria for financial use cases.
- To stress-test edge cases, I led additional internal testing using synthetic and fake artifacts to measure false-positive risk, especially scenarios that could result in incorrect financial authentication.
Banks could extend the value of providing additional seamless travel experience for potential 7M+ customers
Banks and airports could maintain their existing hardware sensor
Travelers have same mental models and experiences in using the sensor
Since banks and airports were operated under different compliance regulations, they used different methods of managing customer data. Also, since the scale of cross-industry integration was at the national level, the infrastructure complexity was also a major concern.
Personal Identifiable Information from banks and airports were differently managed.
- Banks: personal ID (SSN)
- Airports: name
However, by financial regulation, it was prohibited to share the personal ID to non-financial organizations (airports).
Directly connecting banks and airports would mix financial identity with travel behavior, increasing the risk of privacy concerns.
12 banks X 14 airports required dozens of infrastructural integrations. And there was no precedent for cross-industry biometric reuse.
Banks were already connected to KFTC by financial compliance regulation, and KFTC only stored half of the biometric data with an unidentifiable customer ID, not full financial identity. By placing KFTC between banks and airports as a limited intermediary,
Airports could reuse bank enrollment data without accessing financial data
Banks could avoid exposing sensitive identity information
One neutral intermediary coordination can minimize infrastructural complexity, while also preserving trust
Since I have decided to utilize phone number as the main identifier, I had to define the rules to prepare for possible changes in phone number.
How to update and notify changes in customer phone numbers across multiple bank channels
How to require re-confirmation if the phone number ownership has changed
How to detect overlapping phone number input and map with one biometric data set
Most travelers never knew there were three systems (banks, airports, and KFTC), two industries, and a regulatory compliance behind their check-in. Good experience comes from seamless and obvious workflows, but with thorough and complex logics behind the scene. If users don’t have to think about it, I can give myself a pat on the back that I did my job well! ;)