The mobile-powered planet

By Philippe Le Pape, VP Partnerships and Presales • Safran Identity & Security

June 10, 2016

This week, Visa Europe presents a three-part series on a subject that is dominating the headlines: biometrics. We have invited Safran, the leading supplier of technology for security as well as aerospace and defence, to give us its perspective on why biometrics is such a hot topic today and where they see the industry heading. If you missed the first two parts of the series, check out “Cybersecurity and the road to biometrics” and “Look! No PIN”.

Earlier, we touched on how mobile devices now dominate our lives – whether for entertainment, communication, work, or shopping. Mobile technology, in the form of phones, tablets and notebooks, has changed our lives faster than any technology before it. It has achieved this in many ways, not least by making communications routine, irrespective of time and place.

Biometrics as a password replacement for computers isn’t new; fingerprint scanners have been common on laptops since the launch of Windows XP in 2001. However, it is the sheer ubiquity of mobile devices that is likely to drive biometrics as the preferred method of authentication. Already, fingerprint scanners and facial recognition software have made their way on to these devices.

Ironically, it is the very form-factor that mobile devices employ that has driven the need for an alternative to traditional passwords. Small screen sizes, with tiny-keyed clumsy keyboards make it difficult to enter complex passwords; made even more difficult as devices are typically used ‘on-the-go’. As a Band-Aid, most devices offer features to “remember” passwords, making them less secure, particularly as mobile devices are far more prone to being lost or stolen. On top of that, mobile applications, including those that may have access to saved passwords, have proven difficult to vet. Such rogue apps have been identified as a major attack vector by Security Analysts, but even the major App Stores have fallen foul to privacy-raiding apps over the last year. In 2014, Symantec found that 17% of all Android apps (nearly one million) were actually malware in disguise. All of these factors expose the identities of mobile device users to additional risk. New biometric services are evolving to meet these new security needs; for instance, MorphoTrust’s US-based Identix Trusted Identity-as-a-Service (TIaaS) platform enables developers to bring identity verification to mobile devices across a wide range of services (Ref. 7).

It is interesting to note at this point the economics that are, in effect, driving the consumerisation of the biometrics marketplace; the worldwide device market in 2015 was around 2.5bn units. It should also be noted the considerable efforts by all the major payment vendors to make the smartphone the platform of choice for contactless payments. A perfect storm is coming that will drive the need for industrial-strength biometrics on consumer devices. The Mobey Forum predicts this storm will drive rapid adoption and that over a billion people will be using biometric systems to interface with online banking systems by the end of 2017.

It’s The R&D, Stupid!

To be a leader in biometrics requires considerable investment in R&D and expertise in a range of complementary disciplines; these disciplines include image acquisition and processing, shape recognition algorithms to create templates, cryptography to secure the template, database architecture know-how to build a template database, algorithms for template verification, and more. Today, the leading players in biometrics invest heavily in optimisation and interoperability of algorithms; according to the Mobey report the resulting advances in accuracy and speed of biometric solutions are such that the US government federal resource on biometrics – biometrics.gov – states, “most biometric systems have a high accuracy (over 95 percent and many approach 100 percent)”.

At a more practical level, biometric solutions have driven innovation in deployment and ease-of-use as demand for solutions with minimal training requirement for operators, such as in border control, has risen. Consumerisation of biometrics, where ease-of-use and overall ‘user experience’ are even more important, will drive this further. A classic example of this is the inclusion of fingerprint scanners in smartphones; no one remembers the first smartphone to include a scanner – the Motorola Mobility Atrix 4G in 2011. However, people do remember Apple introducing a fingerprint scanner on the iPhone 5s. The difference was deep integration with the iPhones operating system and Apple’s well known ease-of-use. As the Mobey report notes, this led to an immediate jump in the use of the iPhones security features.

To Serve and To Protect

As a strong advocate of biometrics for authentication I am sure that users will benefit from the ease-of-use, increased accuracy, reliability and security that biometrics will introduce to their digital transactions. Of course, biometrics aren’t a cure-all for online fraud, but can – and will – provide a robust solution to many of the issues faced by both service providers and their customers.

But: the need for multi-factor authentications will not go away; in fact, well-designed systems will insist on it. Safran Identity & Security is absolutely certain that the devices people use in the very near future will contain a fusion of biometric authentication features for increased security, as well giving the user options should the device become confused (for instance, the need to bypass the fingerprint scanner following a hand injury).

One of the problems faced by those of us either deploying services or creating security for those services is the disconnect in understanding by individual consumers of the threat level that exists to any device connected to the internet. Symantec recorded 348 million exposed identities through attacks in 2014, almost 90 million coming from financial and government sectors. There is still a job of work to be done in raising awareness of cyberspace issues. President Obama’s CNAP and the EU Cybersecurity Strategy are a start, but there is a global education role for the industry to play too.

Lastly, something else I am an advocate of: that the role of biometrics is to ensure that the security and privacy of an individual’s data (or, indeed, an enterprise) is not undermined at any point in a digital transaction. Its role is to serve and protect, not to be an Orwellian oppressor.

Share this post

Like this post

Related Articles

Securing the future

August 03, 2016

Historically, payments existed in a tightly controlled ecosystem – issuers were often also acquirers, the production of the plastic and the devices were managed through a strictly monitored programme. Looking back, it feels like it was a relatively contained environment.

That environment will not exist in the new economy – instead, we will have huge numbers of players with contributory roles, all interacting with each other.

Jonathan Vaux Read More

Digitalisation drives the future of payments

July 18, 2016

Our Visa Futures event in Cannes experienced a high level of interest in digital topics, especially digital payments. In the past months and weeks, we already saw some significant initiatives in terms of digital payments in the Central Europe region. In Switzerland the Swatch Bellamy, a watch which allows contactless payments, launched as well as Apple Pay. We suspect that this is still just the beginning.

Albrecht Kiel Read More

What is Payment Tokenisation?

August 10, 2016

Visa’s Tokenisation technology is enabling Europe's payments industry to create a new generation of digital payment experiences while protecting consumers’ sensitive information from fraud

Inma Anglada Read More

Apple Pay: A great leap forward in the mobile payments revolution

July 14, 2015

Today, Apple Pay officially arrives on UK shores. This is a major moment , not just because people in the UK can now buy their morning latte on their Visa card at the touch of an iPhone, but because of what this launch means for mobile payments more broadly.

Jeremy Nicholds Read More

Processing payments: delivering speed, reliability and security

June 09, 2016

At its core, payments processing is all about speed, reliability and security. The payments ecosystem is becoming more global and driven by innovation. At Visa Europe, having established separated scheme and processing businesses ahead of today’s European regulatory deadline, we are positioned well to continue to deliver the core processing capabilities that meet our customers’ needs.

Tom Houghton Read More

Money2020: Visa Europe Collab talks wearables and authentication

May 06, 2016

We were excited to be part of the Money2020 conference place earlier this year. Collab Innovation Partner Mike Philpotts took part in a panel talking about the evolution of wearables and authentication systems and shared some highlights with industry news site Finextra, as well as talking about some of Visa Europe Collab’s work exploring the space.

Mike Philpotts Read More