For years, biometrics has seemed like part of a distant, sci-fi future suited for the likes of movies and TV shows, but recent technology advancements have pointed us in the direction of linking our DNA to everything we do. From smartphone “touch ID” to cars that unlock with your handprint, biometrics technology is already working its way into our daily lives.
With the Internet of Things (the network of objects capable of connecting to each other to collect and exchange data) growing on a daily basis, it’s no wonder more and more people are looking to include their bodies as part of that connected network. And while we don’t think people are rushing off to implant computer chips in their skin, a WorldPay survey in 2015 reported that 49% of Europeans want to see biometric payments as an alternative form of payment technology.
Thanks to companies like Apple and Samsung, many banks are already allowing touch ID to authorize payments and money transfers, and some banks in Europe are allowing ATM withdrawals with the same fingerprint authorization (no card or PIN required). And vendors could certainly benefit from using the technology to authorize payments and cut down on fraud.
So how do biometrics work, and what technology can we expect to see more of in the coming years?
Types of Biometrics
A biometric is really just any way of identifying a person by comparing unique body characteristics to pre-established data (a stored image or scan, for example) to prove or disprove an identity match. Currently, there are four main biometrics being used in various security capacities: fingerprints scanning, facial recognition, voice ID, and iris recognition.
Fingerprint Scanning
How: A touch-sensing or scanning device takes an image of a person’s unique fingerprint and stores it for comparison against a live print.
Pros: Fingerprint ID is convenient, and it’s a growing option due to most smartphones having the technology required.
Cons: This method isn’t common in other devices, like laptops or desktop computers. There have also been reports of false positives and the technology being fooled with fake prints.
Facial Recognition
How: Technology identifies 80 nodal points on a person’s face and compares these to a digital image to confirm their identity through pattern recognition.
Pros: Many phones, laptops, desktops and tablets all have front-facing cameras, which makes this a fairly accessible option.
Cons: Utilizing this technology may require special camera equipment in devices, and storing digital images of people raises it’s own security concerns. (i.e., How will these images be protected from hackers?)
Voice ID
How: A person’s voice pattern is compared to a previously recorded vocal biometric to confirm someone’s identity.
Pros: Voice ID is user-friendly and relatively inexpensive. Most computers, tablets, and phones also have built-in microphone capabilities.
Cons: A variety of factors (like health and emotional state) can cause variations in speech patterns, which can lead to a false mismatch.
Iris Recognition
How: This technology analyzes patterns of a person’s iris to verify identity.
Pros: A standard camera can capture an iris image, and matching the capture to a stored image has been highly accurate in the past.
Cons: The iris can be hard to scan from a distance, and factors like eyelashes, eyelids and eye makeup can prevent a good image capture. Cataracts and blindness also make it hard for an iris image to be read and verified.
The options don’t stop there, though. Other biometrics includes DNA matching and ear, gait, odor, and vein recognition. But the real question is: do they work?
Concerns Around Using Biometrics
Undoubtedly, authorization through biometrics is one of the more secure ways of protecting data. Biometric scans and images aren’t nearly as easy to replicate as passwords — they’re incredibly unique, and they’re easily accessible to the consumer (your body parts are always with you). But while the use of biometrics is convenient for a consumer, the technology comes with its own set of security concerns.
Widespread adoption of biometrics would require the implementation of new technologies, at an increased cost to merchants. And with some businesses still falling behind in EMV adoption, there may be hesitation to add on another terminal or device.
Storage of the images and scans used in biometrics presents a security concern as well. Where will these things be stored, and how will they be protected from cyber criminals? As with any tech that protects valuable data, the more widespread its use, the more incentive hackers have to find a way around it, whether that’s through stealing the images or trying to fool biometric-protected devices and accounts.
The one drawback of biometrics that technology can’t do much about is the limited options consumers have to protect their data. You only have one face, two eyes, and ten fingers — if a system is breached, you can’t just order a new body part like you would a new credit card.
Taking a Layered Approach
While no biometric technology is perfect, these methods do take security a step further from the methods we’re currently using. Here at Bluefin, we believe a layered, holistic approach to data security is best. We know new advancements like the adoption of EMV have been a step in the right direction for payment security, especially when paired with tokenization and point-to-point encryption (P2PE). And incorporating biometrics into payments can add another level of security to consumer transactions.
If you want more information on securing your customers’ payment data or how to incorporate a holistic approach to security into your business, contact us today.