If you work in the payments space you would need to have been behaving like an ostrich with its head in the sand to have missed the increasing barrage of persuasive arguments from supposed experts in the field who endorse the new wave of biometric authentication. David Parker takes a closer look
Biometrics in one form or another, from palm vein scanners, heart beat recognition and facial identification to brain wave patterning (yes all of these are real!) and the plain old fingerprint identification are forecast to be the future of security.
Biometric authentication offers great security that cannot be beaten, after all no two of us are the same for all these unique biometric elements. This beholds a future where using our unique traits we can login and authenticate with the financial institutions safe and secure in the knowledge that they know it really is the right person.
So the most important question to ask is what do consumers think of all this. After all, the first thing to establish with any new service is will your customers use it or might it prompt them to switch to another provider's system they find easier to navigate? As ever with research and analysis of potential consumer behaviour not everyone agrees. But as one might expect Visa and MasterCard have been strong supporters in their research:
MasterCard: 90% of participants in a pilot indicated that they would like to replace their password with biometric identification definitively. Almost 75% of users were convinced that biometric payments will decrease fraud.
Visa EU: 68% of consumers want to use biometrics as a method of payment authentication.
But there have also been other supporters such as research by Telstra Global that highlighted that the majority of US consumers using mobile banking applications prefer their mobile devices to feature biometric authentication instead of passwords and usernames. They also found that 66% of US consumers feel that biometric authentication would be more secure and help decrease the risks of fraud whilst 25% stated that they would even consider sharing their DNA with their financial institution in exchange for a more simplified authentication process and securing their financial and personal information.
Socure also carried out research and found that 52% of customers would rather use biometrics as an alternative to traditional passwords.
So there we have it- a clear slam dunk: consumers want biometric authentication. Or do they? Well, there are always two sides to any research story:
GMX research found that than 60% of the UK public would rather use passwords than biometric logins while more than 40% do not want companies to have any access to their biometric data. And 41% of respondents said they are afraid that a malfunction in the biometric technology will leave them locked out of their own accounts, while 33% of people said they are concerned that their biometric information could be compromised by criminals.
And in the US the picture is the same with research by Email.com finding that 42% do not want companies to collect save and use their personal data, 42% worried about not being able to access their online accounts in case of a malfunction, and around 30% concerned about online criminals thwarting biometric authentication methods. Finally, 9% said that they find the use of biometric data free of risk.
So do consumers want it? Choose your answer and there is research to support it. However, picking up on the point of criminals and risk is key to the second issue. Does Biometrics provide the security? It took only days for the Apple 5S fingerprint scanner to be hacked with sophisticated technology, and a little patience – Play Dough.
But if we look to technology such as voice biometrics surely that is fool proof, after all we are continually told how unique each person’s voice is. Well yes and no, you see those nice people that brought you picture editing software so you can edit all your pictures have announced they are working on a similar programme, yes you guessed it, a voice editing programme. Adobe has announced they are working on an audio version of Photoshop.
At this year’s Adobe MAX event, headed by developer Zeyu Jin the software was announced. After analysing about 20 minutes of speech from a given source, VoCo can accurately recreate the source’s voice, and configure that voice into new words and phrases that were not present in the original clip. By using a simple text box, users can add new words into the speech, seamlessly recreating a voice to edit a given clip in any number of ways.
Voice biometrics that has been launched by Barclays, HSBC and others around the world now starts to look rather less than 100% secure. After all the point of this is to stop you having to go through some of the rigours of normal security questions, but if the person talking could be anyone, then you are back to square one and need full security and passwords.
Criminals are in many ways brilliant business people, they assess the effort required vs. the potential reward and answer a simple business question: is the reward greater than the effort. As was shown by the recent Tesco hack where NFC phones were used for the transactional element, they will exploit any flaw.
Finally the point that I think a lot of biometric solutions miss is do you trust an organisation to collect and authenticate the information and perhaps even more importantly how do they know the biometric data they are collecting is actually for the person they say it is for. Someone could steal my ID then use this to create biometric data on themselves. This then gets passed around to other parties and all of a sudden my biometric security is compromised. The issue is how to ensure the biometric data captured in the first place really is attributable to the person whom it says it is for.
The hurdle the payments industry faces is that with consumers in many respects still highly sceptical of biometrics, when any one solution is launched and significantly compromised, how far back will it set the whole process of creating new forms of biometric identification?