To stay ahead of hackers, consumers create more elaborate passwords filled with dashes, digits and capitalizations. As a result, our passwords have become so complex that we need password managers just to keep track of them all.
Forgotten passwords lead to abandoned purchases and password resets that leave our most valuable data vulnerable to social engineering and brute-force attacks by hackers.
From a 21st-century perspective, passwords are antiquated. But all that is about to change as we enter the age of biometrics.
The Password is YOU
Passwords are merely avatars — stand-ins designed to prove that you are, in fact, you. So why not remove the middleman altogether? This is the motivation behind biometric security. Similar to DNA, our body is equipped with all sorts of unique biological markers. With biometric security, your fingerprint, heart rate, tone of voice and even the pattern of your iris can be turned into code that proves your identity. The longest, most obscure password is still inferior to biometric authentication, since you can’t guess, hack or fool unique biological attributes — you must possess them.
Using microphones, fingerprint sensors and cameras already built into our smartphones and laptops, “multimodal” biometric authentication employs a series of voice- and facial-recognition markers to prove your identity.
With biometrics, consumers no longer have to create and remember passwords — authentication is simply part of who they are. Irish biometric company Daon uses voice, facial and fingerprint recognition to verify a phone’s owner, but it also picks up on GPS signals. If a phone’s owner is buying a cup of coffee or shopping online from home, the authentication threshold is less stringent.
But if a user is making a large purchase 300 miles from home, the number of biometric markers required to authenticate their identity increases. When combined, these biometric markers create an authentication score. Only when the score passes a certain threshold can a user gain access. While it may sound rather complicated, this kind of authentication can be done in seconds.
Biometrics Gets Serious
Companies like Daon, along with major players like Google and MasterCard, founded the FIDO Alliance, a nonprofit designed to develop biometric best practices for tech companies that manufacture microchips, hardware and software for mobile devices.
In the future, smartphones will use a variety of physiological and behavioral biometrics to authenticate users, ranging from the way a phone is held to body odor, heartbeats, vein matching and even ear-shape recognition.
One of the most critical standards promoted by the FIDO Alliance is that biometric data should never leave a user’s smartphone. Any time large amounts of data are aggregated, they become a tempting target for hackers. With client-side registration and authentication, you control access to your unique biometric markers, preventing the possibility of corporate biometric breaches.
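A simplified model of the client-side pattern FIDO promotes, as an added example (not FIDO Alliance code and not the real wire protocol): the biometric match happens only on the device and unlocks a private key, while the server stores just a public key and checks a signed one-time challenge. The type and function names, and the string-equality matcher standing in for a sensor, are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Device struct { // the phone: private key and matcher never leave it
	priv    ed25519.PrivateKey
	matches func(sample string) bool // stand-in for the on-device sensor match
}
type Server struct { // holds a public key and a pending challenge, no biometrics
	pub       ed25519.PublicKey
	challenge []byte
}

// Register generates the key pair on the device; only the public half is shared.
func Register(enrolled string) (*Device, *Server, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	d := &Device{priv: priv, matches: func(s string) bool { return s == enrolled }}
	return d, &Server{pub: pub}, err
}
// NewChallenge issues a fresh random nonce so an old response cannot be replayed.
func (s *Server) NewChallenge() ([]byte, error) {
	s.challenge = make([]byte, 32)
	_, err := rand.Read(s.challenge)
	return s.challenge, err
}
// Sign releases a signature only after the local biometric match succeeds.
func (d *Device) Sign(sample string, challenge []byte) []byte {
	if !d.matches(sample) {
		return nil // no match, no signature; the sample itself is never sent
	}
	return ed25519.Sign(d.priv, challenge)
}
// Verify checks the signature over the pending challenge, which is single-use.
func (s *Server) Verify(sig []byte) bool {
	c := s.challenge
	s.challenge = nil
	return c != nil && ed25519.Verify(s.pub, c, sig)
}

func main() {
	d, s, _ := Register("constructed-template")
	c, _ := s.NewChallenge()
	sig := d.Sign("constructed-template", c)
	fmt.Println(s.Verify(sig), s.Verify(sig)) // true false: the replay is rejected
}
```

A breach of this server yields public keys only, which cannot be used to sign a challenge or to reconstruct a fingerprint.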
Reaching New Audiences
Motorola’s flagship smartphone started the biometric revolution in 2011, closely followed by the iPhone 5S and Samsung’s Galaxy S5, which shipped with embedded fingerprint scanners. With the launch of Apple’s Face ID system, built into the iPhone X, 2018 is turning out to be a landmark year for biometric security.
By 2019, 770 million biometric authentication apps will be downloaded — dramatically reducing the need for passwords. But for biometrics to take hold, consumers must become educated about this new technology, and comfortable about how their data will be stored and used. For many consumers, the convenience of a world without passwords, PINs and security questions will eventually win out over their fears.
As biometric payments reduce friction and increase seamless transactions, PINs will become a thing of the past. Biometric EMV cards will come equipped with built-in fingerprint readers that allow users to rest their finger on the card reader to verify their identity. Fingerprint data will be stored on the card itself and not on the bank or store’s servers.
Fraud detection will also become smart and seamless. Forget about those “was this you?” verification texts from your bank. Financial institutions will analyze a matrix of biometric factors and assign a “risk score” to each transaction — making fraud detection less disruptive to users.
We may even see a world with zero payment friction. Payments could become so seamless that banking applications won’t have a user interface at all. Consumers may be able to transfer money to a friend with a simple voice command.
State-of-the-Art Security Risks
Biometrics has been declared the most disruptive technology in digital commerce, and 62% of consumers already feel more secure using fingerprint IDs than passwords. And by 2020, biometrics will secure 65% of mobile commerce and net $34.6 billion in annual revenue.
As biometric security becomes mainstream, ambitious hackers will search for workarounds. And if biometric data is stolen, consumers can’t get a new face or new fingerprints. These sensitivities are the reason why so many companies are wary of adopting biometric security markers. The moral and legal implications of storing and securing biometric data are immense. And many consumers will only accept this new technology if the markers are stored on their own devices.
Hackers have already proven that they can fool Apple’s facial recognition technology with masks made on 3D printers. And biometrics breaks the core tenets of authentication: secrecy and the ability to replace a credential if it is compromised.
Our smartphones also have a 1 in 10,000 chance of making a mistake. These false verifications mean that for every 1 billion fingerprints authenticated via smartphone, a million could be wrong.
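The 1-in-10,000 figure also shows why the adaptive scheme described earlier asks for more markers as risk rises. This Go sketch is an added example, not Daon's or any vendor's code: it treats the authentication score as a combined false-accept probability, and the `Context` fields, the risk limits, the face and voice rates, and the independence of markers are all assumptions.

```go
package main

import "fmt"

// Context fields and the risk limits below are assumptions for this sketch.
type Context struct {
	AmountUSD, MilesFromHome float64
}

// FAR is the false-accept rate per marker: fingerprint is the 1-in-10,000
// figure quoted above; the face and voice rates are constructed values.
var FAR = map[string]float64{"fingerprint": 1e-4, "face": 1e-3, "voice": 1e-2}

// TargetFAR tightens the tolerated false-accept probability 100x per risk factor.
func TargetFAR(c Context) float64 {
	t := 1e-4
	if c.AmountUSD >= 500 {
		t /= 100
	}
	if c.MilesFromHome >= 300 {
		t /= 100
	}
	return t
}

// CombinedFAR is the chance an impostor passes every marker, assuming independence.
func CombinedFAR(matched []string) float64 {
	p, seen := 1.0, map[string]bool{}
	for _, m := range matched {
		if f, ok := FAR[m]; ok && !seen[m] {
			p *= f // unknown or repeated markers add no assurance
		}
		seen[m] = true
	}
	return p
}

// Decide asks for another marker (step-up) until the target is reached.
func Decide(c Context, matched []string) string {
	if CombinedFAR(matched) > TargetFAR(c) {
		return "step-up"
	}
	return "allow"
}

func main() {
	fmt.Println(Decide(Context{4, 0}, []string{"fingerprint"}))      // allow
	fmt.Println(Decide(Context{2500, 300}, []string{"fingerprint"})) // step-up
}
```

Presenting the same marker twice does not lower the combined rate, so a repeated fingerprint cannot substitute for a second modality.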
Despite the security risks, the age of biometrics is coming, offering seamless, frictionless and secure payments for all. Customers already use their faces to log into Lloyd’s, Wells Fargo and HSBC banks, and MasterCard has already unveiled “selfie pay” to its European customers.
In China, companies have access to a government image database of 700 million people, half the country’s population. This facial data is being used for security, policing and counter-terrorism, but also for commercial ventures such as predicting people’s food choices and offering entrance to amusement parks and trains.
Engineers at an Israeli company called Face-Six have invented a way to transform photos into texts — measuring data like the distance between eyes and transforming it into simple texts that can identify one face from millions in less than a second — and with 99% accuracy.
In Norway, this kind of facial recognition is already screening travelers at airports. Soon this technology will be used to identify missing persons, call roll at universities and feed shoppers personalized ads at stores.
Insurance giant Aetna will soon replace passwords altogether — relying on fingerprints and behavioral biometrics like the way you move your mouse. And Barclays is introducing vein-ID scans that examine the arrangement of your blood vessels.
While this kind of technology may sound very Big Brother, it will soon become a part of everyday life.
A New Security Standard
Passwords have been riddled with loopholes and outdated for over 30 years, so hackers may be the only people who mourn their death. In 2016, 40% of the world’s 1 billion smartphones were equipped with biometric recognition sensors. By 2020, that number will reach 100%.
Whether the payments of the future are made with plastic or a retina scan, Bluefin protects customer data the moment the information enters a payment system. To learn more, contact Bluefin today.