What if you could authenticate your payments with a scan of your finger or your iris? What if you could take a selfie to authorize a banking transaction? Would you do it? Set aside all fears: the future of payment authentication is strictly connected to our body.
Biometrics are already considered the most important technology to transform how we make purchases, online and offline. An advancement that will improve security, but also shape a completely different customer experience.
If you take a look at the news of the past months, you will see a pretty obvious common thread: today, traditional passwords are not secure, if they ever were.
Yahoo has reported three attacks in less than one year, with millions of accounts hacked using a forged cookie to bypass the user password. The same has happened recently to millions of Xbox and PlayStation accounts.
If your account has been compromised, you not only feel exposed; you are also in danger of losing all your personal data. That usually means other passwords, banking accounts, all sorts of sensitive information.
Traditional passwords are faulty in so many ways. First, they are based on the assumption that people will act smart for their own safety, creating a complex string. The reality is, most of the time the passwords we choose are simply lame (who said birth date?).
Second, they are easy to steal or hack. At the end of the day, they are just a sequence of numbers, letters, and keyboard patterns. Of course, a longer sequence will make a better shield but, then, it becomes harder to remember.
Third, they are inconvenient and somewhat awkward. When you have to authorize a payment, you do not want to waste your time typing a password made of more than twenty characters and containing uppercase letters and special symbols. This is customer experience at its worst.
So, with their illegal behaviors, the hackers have fulfilled a role of public utility: they have shown to the world that we need other means of authentication. Especially when it comes to making a payment. That is why biometrics has become so popular in the last few years.
Philip K. Dick, one of the greatest readers of the future in science fiction, wrote a story in the mid-sixties about a world where all activities would be managed by scanning one’s fingers or iris. You had to guarantee your actions with your own body.
At one point, the main character was not able to exit his apartment, because he had months of unpaid rent, and every single door scan resulted in a failed attempt. In his dystopian perspective, the author had foreseen what is happening right now with biometric authentication.
“Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits. Unique identifiers include fingerprints, hand geometry, earlobe geometry, retina and iris patterns, voice waves, DNA, and signatures.” (TechTarget)
Fingerprinting is the oldest example of this type of authentication, and it is still today the most popular form of biometrics. According to 2016 research by Visa, two-thirds of customers want to use biometrics when making payments, because they think payments will be faster and easier.
“Biometric identification and verification has created a great deal of excitement in the payments space because it offers an opportunity to streamline and improve the customer experience. Our research shows that biometrics is increasingly recognized as a trusted form of authentication as people become more familiar with using these capabilities on their devices.” (Jonathan Vaux, Executive Director of Innovation Partnerships at Visa Europe)
From the customer’s point of view, today biometric measures have two major applications:
- They can be used to log into the mobile app, adding an extra layer of security (e.g. banking apps that use voice authentication).
- They can be used to authorize a single transaction, online via the app or in the physical retail store (e.g. Apple Pay and Android Pay, which use fingerprints).
We see a growing interest, and it is not by chance that Juniper Research has listed it as the most disruptive technology in Fintech for the upcoming years. Today, its success is due in large part to the proliferation of fingerprint readers in smartphones. In the future, though, other factors will get into the game.
One brilliant example comes from MasterCard Identity Check, a new mobile app that allows customers to authenticate and authorize a transaction by taking a selfie. ‘Selfie pay’ enables app users to confirm a payment not only via finger scan but also via selfie recognition, showing their face to the smartphone camera.
To avoid any attempt to deceive the authentication process, the system requires the customers to blink, instead of just staring at the camera, to confirm that it is really their face.
We have long said that the passwords we use today are dangerous because they can be hacked and used against our will. What about biometric tech? One constant issue is that, unlike passwords, biometric traits cannot be changed. So, they have to be stored somewhere by the financial company to be used and reused without problems or delays.
This poses various questions about the privacy of the process and the security of the data. Regarding the first issue, let’s get back to Jonathan Vaux:
“One of the challenges for biometrics is scenarios in which it is the only form of authentication. It could result in a false positive or false negative because, unlike a PIN which is entered either correctly or incorrectly, they are not a binary measurement but are based on the probability of a match. Biometrics work best when linked to other factors, such as the device, geolocation technologies or with an additional authentication method.”
That is the reason why biometric payments mostly use two-factor authentication, a security process in which the customer provides two authentication factors to verify their identity.
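The trade-off Vaux describes can be made concrete with a small added example (not from the original article or from Visa). The match scores, the thresholds and the `authorize` policy are constructed assumptions: the sketch measures false accepts and false rejects at a given threshold, then gates approval on a second factor (a registered device).

```python
# Constructed similarity scores in [0, 1]; not output from a real matcher.
GENUINE = [0.91, 0.88, 0.79, 0.95, 0.67, 0.84, 0.73, 0.90]   # the account owner
IMPOSTOR = [0.12, 0.35, 0.58, 0.71, 0.22, 0.44, 0.66, 0.30]  # someone else

def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) for a biometric-only decision at this threshold.

    FAR = share of impostor attempts accepted (false positives).
    FRR = share of genuine attempts rejected (false negatives).
    """
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr

def sweep(thresholds):
    """Tabulate the trade-off: raising the threshold lowers FAR and raises FRR."""
    return [(t, *error_rates(t)) for t in thresholds]

def authorize(score, device_known, accept=0.85, reject=0.60):
    """Hypothetical two-factor policy for a payment.

    - Clear mismatch: deny.
    - Strong match on a registered device: approve.
    - Anything in between (borderline score, or unknown device):
      step up to an additional authentication method such as a PIN.
    """
    if score < reject:
        return "deny"
    if score >= accept and device_known:
        return "approve"
    return "step_up"

if __name__ == "__main__":
    for t, far, frr in sweep([0.60, 0.70, 0.85]):
        print(f"threshold={t:.2f}  FAR={far:.3f}  FRR={frr:.3f}")
    # The impostor who scored 0.71 passes a biometric-only check at 0.70,
    # but is never approved outright under the two-factor policy.
    print(authorize(0.71, device_known=False))
    print(authorize(0.91, device_known=True))
```

No single threshold on this sample removes both error types, which is why the policy treats the score as one input and sends borderline or unfamiliar-device attempts to a second factor rather than approving or denying on the biometric alone.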