The financial-services industry is closer than you think to widespread adoption of biometric authentication, says Kirsty Tull. Here’s why.
There is always that scene in action and spy movies. You know the one.
In Mission: Impossible, they must defeat the facial-recognition system to access some secret data.
James Bond’s gun won’t fire for anyone but him, thanks to technology that recognizes, and only responds to, his palm print.
The villains in The Avengers can’t get what they need to defeat the superheroes without bypassing a retinal scan.
This all seems like technology of the far-off future, when it will be available only to global conglomerates or high-tech labs with something to hide. But the truth is that the technology exists today, is already in use, and is helping everyday people to keep their secrets safe.
The technology is based on biometrics. And, despite its still being a young technology, banks and payment processors are already using it for implementing controls and authentication methods.
What is Biometrics?
The dictionary definition of biometrics is the measurement and analysis of physical and behavioral traits and characteristics. We tend to say “biometrics” in technology and payments when what we really mean is “biometric authentication.”
Biometric authentication uses those physical and behavioral traits and characteristics to uniquely identify an individual. By collecting, analyzing, and comparing these traits, a person’s identity can be verified.
What kind of characteristics are unique in the sense that they can be used for identity validation? More than you would think. There are the obvious ones—fingerprints, DNA, iris scans, and facial recognition. But those are only some of the physical biometrics that can be used. Other attributes include hand and ear geometry, and even odor.
Behavioral traits also fall under biometric authentication. Typing rhythm, gait, voice, and gestures can all be measured and cataloged, and then compared to help confirm identity.
While these characteristics are harder to capture and analyze for identity purposes, they allow validation to occur continuously. For example, an identity system can constantly monitor typing rhythms, validating and re-validating identity without requiring the user to stop and enter a password or other security check.
Biometrics And Payments Today
It’s probably self-evident at this point how biometrics and payments work together. By using physical and behavioral traits to validate a user, financial institutions make it far more difficult to steal someone’s identity or use a payment card fraudulently.
The banking industry already thinks biometric authentication is worth investing in. There are 80,000 biometric-enabled ATMs in operation in Japan. Barclays Bank is using advanced finger-vein identification to validate corporate banking customers. And Mastercard Inc. last year moved from trial to rollout with its Identity Check app (widely known as “Selfie Pay” because the data it processes can include facial images).
Currently, the most widely used biometrics are the physical ones, namely fingerprint scans and facial recognition. Iris scanning, however, is moving quickly into view, with big banks like Citibank and BMO Harris testing ATMs equipped with the technology.
Holding up progress toward full adoption has been cost—the cost of implementing systems using biometric authentication and the cost of infrastructure to support those systems. Then there are the challenges associated with any early technology.
While there are some standards defined for government use and acceptance, there is little in the way of standards for biometric identification in industry. Thus, some businesses are hesitant to sink resources into a technology that won’t transfer easily to other vendors or may end up obsolete with little notice.
Additionally, challenges with early systems include hefty shares of false negatives and positives along with troubles using the equipment. These were the kinds of problems cited when the U.K.’s Border Agency shut down the IRIS program at several airports in 2012. Clearly, the payment industry can’t afford to risk significant numbers of false results.
Biometrics And Payments Tomorrow
The technology, however, is evolving quickly. Businesses are pushing for biometric solutions because they are already being accepted by customers. In a survey conducted by Visa Inc. across Europe, two-thirds of consumers said they wanted to use biometrics as part of the purchase process.
Thanks to the proliferation of biometric-enabled mobile devices, the technology isn’t a foreign concept to users. With the iPhone’s fingerprint scanner and Android’s facial-recognition features, many people are already holding biometric authentication devices in their palms.
These devices will help to make payments more secure, especially those made via mobile pay and e-commerce. The added benefit to both businesses and users is reduced friction in the buying process during e-commerce and m-commerce transactions.
Using biometrics to complete the purchase process improves the user experience, eliminating the need for forgotten passwords and card numbers and leading to fewer abandoned purchases during checkout.
It is unlikely, though, that we’ll see biometrics as a standalone identity-validation technique. Instead, it will be combined with passwords or other security measures as part of a two-factor authentication strategy. Not only is this what security experts recommend, but it’s what consumers want to feel secure. In fact, 73% of people surveyed in the Visa study saw biometrics as part of a two-pronged authentication scheme as the most secure configuration.
Every year, analysts declare that this year will be the year of biometrics, and in the very near future they will be right. Both consumers and merchants are ready for biometric payments. The benefits for e-commerce and even mobile payments are clear. And the technology has caught up to the needs and expectations of business. All the pieces are in place for biometric authorization to be the next evolution in payment security.