Since Peter wrote this in September 2014, we’ve posted more on biometrics and payments. Check out the popular three-part series written by Safran’s biometric experts in June 2015.
Hollywood films and science fiction have made much of biometric technology, whether it is retina scanners, voice recognition or finger print authentication. For a long time this technology was just the dream of scriptwriters and sci-fi enthusiasts, however, recent advances in this area have now made biometric technology for identity authentication possible.
Only a few months ago the Samsung Galaxy S5 and iPhone 5S launched featuring a finger print scanner for security. It is well-known that the mobile phone industry is a key indicator of what new technologies will soon become mainstream. For example, touch screens really took off once Apple brought out the iPhone. In the same way, app stores, originally only meant for the mobile phone market, created a huge buzz and now there is an app for almost everything.
The presence of biometric authentication within smartphones will create a consumer demand as people begin to understand the convenience and benefits of the technology. With this, there will be an opportunity for new payment methods. The technology is tipped as being the next step in secure identification, protecting personal information and yet allowing simple and convenient access.
There are a number of mechanisms currently in place to ensure that consumer financial information is kept safe and secure. Possibly the most well-known, chip and PIN, to keep credit and debit cards secure, was first tested by Visa in 1988. Since then, the technology has been broadly adopted across Europe and the rest of the world. According to the UK Cards Association, chip and PIN has helped to reduce card fraud by 36% in the UK over the last ten years. Similarly, when shopping online, new payment methods such as digital wallets are helping consumers to be even more secure, as they do not require any card information to be shared with a third party at all.
The benefits of deploying biometrics from a security perspective are mixed. Whilst the direct fraud and security benefits could be substantial in some environments, deploying it across an established infrastructure often creates investment business cases which are difficult to justify on cost / benefits alone. In addition, the customer enrollment models can be painful and there is always the concern that some customers may consider this a civil liberties issue.
In addition, not all biometrics are equal, and performance can differ widely between technologies with all tending to be open to some form of false accept and false reject issues, proving again that no single security solution can operate in isolation. This doesn’t mean that biometrics are invalid for authentication purposes: just that the limitations they offer need to be understood, and factored into the wider security package which they support.
We will continue to see research and development in the biometric space. For all new innovations, the first wave is invariably accompanied by excitement and unrealistic expectations. These hopes are often quickly dashed as problems are discovered, but it doesn’t take long before bugs are ironed out, issues are addressed and better versions of that innovation become available. Some of the greatest inventions that we take for granted started out this way; the television and electric light bulb are two perfect examples.
The inclusion of biometric authentication technology within smartphones is likely to become increasingly commonplace and it is likely that customers will increasingly adopt its use. Not because they love the security, or because they appreciate the nuances of the risk models that these can connect into; but because they are easy to use and a bit of data privacy makes sense to most of them. This will serve to educate consumers and normalise the technology which, in turn, will begin to filter into other environments and uses.
This filtration into the payments landscape is actually already taking place. Barclays and Hitachi have today launched a “finger reader” device in the UK, while in Poland, 1,730 cash machines have been equipped with “Finger Vein” technology, allowing people to scan their finger to withdraw money from an ATM, with no need for a card or PIN number. Similarly, in Japan, palm vein technology is being used in the banking sector to provide advanced security at ATMs. The technology uses infrared lighting to read the veins of a person’s finger or palm by sensing the deoxidised haemoglobin, something that is unique to every person on the planet and therefore extremely difficult for criminals to steal and/or replicate.
It is not just personal biometric authentication projects that are beginning to make waves. Barclays has also adopted advanced voice recognition technology in its call centres that is able to identify a customer after just a few seconds of normal conversation.
Going forward, this is a technology to watch. Biometrics are coming and are being adopted by consumers as they understand that it makes their life easier. As they become more used and accepted then they will increasingly be drawn into payment, not because they are a perfect solution to security, any more than PIN is today, but because together with the other risk and control models which already operate within the payments environment, they will deliver additional simplicity and convenience for our customers’ already hectic lives.
And anything that helps make payment that just that little bit more intuitive and removes just one additional thing to think about, has got be worthwhile…