In this article, we talk about the role of biometrics in mobile payment security. Read on to learn about smartphone security trends and more.
According to recent reports from Juniper, biometrically authenticated remote mobile payments are expected to grow by 383%, reaching 39.5 billion globally in the next five years. Increasingly complex password requirements and the number of sites that require passwords are creating the perfect storm of security risks when it comes to mobile payments. While user error is a risk in and of itself, the increasing number of hackers who can easily tap into a phone’s Bluetooth, NFC, or Wi-Fi connection and grab locally stored passwords is also a problem.
The idea that passwords are dead has been floated for a while, with many security experts emphasizing the increased use of mobile phones and the greater risk of financial and identity theft. Enter biometrics, which enables smartphone users to make purchases or log in with a fingerprint, selfie, or scan of an iris.
Biometrics surpass the security benefits of passwords by enabling authentication through physical attributes, which are unique to each individual and incredibly difficult to spoof. Where fraudsters can guess a password, they are unable to employ similar deception when it comes to biometrics.
Smartphones Merge Convenience and Security
Smartphones are also ready-made to handle the required informational inputs of biometrics. High-definition cameras, fingerprint sensors, and microphones all facilitate multimodal authentication to verify a user’s identity. Biometric authentication can happen via a combination of voice and facial recognition or fingerprint and voice recognition. Multimodal biometric authentication methods make spoofing nearly impossible.
Biometrics also cater to consumers’ growing need for convenience. Swiping a thumb or taking a selfie is significantly less time-consuming than remembering and typing a long, complex password. In real-world applications, users can log in within seconds using biometric authentication. When it comes to making purchases, authentication strictness can be adjusted across a spectrum, requiring fewer authentication methods for less expensive purchases and multimodal authentication for high-ticket items.
Still in its nascent stages, biometric authentication requires standardization. The FIDO Alliance is an industry consortium geared toward developing authentication specifications (including biometrics), leveraging native device authenticators for passwordless access to applications and resources. Built upon a membership that hails from every level of the smartphone supply chain, it is well-positioned to ensure every component in the biometric authentication process adheres to industry specifications.
Moving forward, this consortium aims to push client-side registration and authentication, keeping biometric data authentication and storage within the smartphone. Paired with adherence to PCI DSS standards in payment processing, merchants can also encrypt and transmit sensitive data to mitigate the fallout from server-side data breaches.
As mentioned throughout this post, biometrics are a significant improvement over passwords as an authentication method; that said, they are not perfect. Concerns still exist around spoofing and the ability to replicate some personal attributes like fingerprints or trick facial recognition systems with masks.
The bigger issue is actually the storage and protection of digitized biometric data. Biometric data can be copied, enabling fraudsters to pose as the true individual via a “presentation attack”. While stringent security measures exist for storing payment card data, biometric data has not yet faced the same scrutiny.
There are several options to increase security around biometric data. One option is to use biometric data in conjunction with a second factor (like geolocation or device type). Another option is the use of liveness detection, which can identify a presentation attack. Implementing these additional safeguards can boost consumer trust and the adoption of biometric technology. The bottom line is that novel technology is not a good enough reason to veer from layered security practices. Despite its strengths, biometric technology is not a one-size-fits-all solution to mobile payment security. It must be included as part of a robust identification process that leverages as many unique data points from users as possible.
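The amount-based strictness described earlier and the layered safeguards above (second factor, liveness detection) can be combined in one authorization policy. The sketch below is an added example, not code from the article or from any payment product; the tier boundaries, field names and the three decision values are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed tier boundaries in minor units (cents); illustrative, not from the article.
LOW_VALUE_MAX = 50_00
HIGH_VALUE_MIN = 500_00

@dataclass(frozen=True)
class Attempt:
    amount_cents: int
    matched: frozenset        # modalities matched on-device, e.g. {"fingerprint", "voice"}
    liveness_passed: bool     # result of the sensor's liveness check
    known_device: bool        # second-factor signal: device was enrolled before
    usual_location: bool      # second-factor signal: geolocation fits history

def required_modalities(amount_cents: int, context_signals: int) -> int:
    """Distinct biometric modalities demanded for this amount and context."""
    if amount_cents <= LOW_VALUE_MAX:
        return 1
    if amount_cents >= HIGH_VALUE_MIN:
        return 2
    # Mid tier: one modality is enough only when both context signals agree.
    return 1 if context_signals == 2 else 2

def decide(a: Attempt) -> str:
    """Return 'approve', 'step_up' (ask for another factor) or 'deny'."""
    if a.amount_cents <= 0:
        raise ValueError("amount must be positive")
    # A template match without liveness is treated as a possible presentation
    # attack and is refused at every amount, never merely stepped up.
    if a.matched and not a.liveness_passed:
        return "deny"
    context = int(a.known_device) + int(a.usual_location)
    if context == 0:
        return "step_up"      # a biometric is not accepted as the only factor
    if len(a.matched) < required_modalities(a.amount_cents, context):
        return "step_up"
    return "approve"

# Constructed sample attempts (not real transaction data).
SAMPLES = {
    "coffee": Attempt(4_50, frozenset({"fingerprint"}), True, True, True),
    "laptop_one_modality": Attempt(1200_00, frozenset({"fingerprint"}), True, True, True),
    "laptop_multimodal": Attempt(1200_00, frozenset({"fingerprint", "voice"}), True, True, False),
    "failed_liveness": Attempt(4_50, frozenset({"face"}), False, True, True),
    "new_device_abroad": Attempt(4_50, frozenset({"fingerprint"}), True, False, False),
}

if __name__ == "__main__":
    for name, attempt in SAMPLES.items():
        print(f"{name:20} -> {decide(attempt)}")
```

The liveness failure is refused even for the smallest purchase, because lowering strictness for low amounts should reduce friction, not accept a suspected presentation attack.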
Emerging technologies like machine learning are creating endless opportunities for biometrics in mobile payments. These next-level technologies enable frictionless, convenient user experiences without sacrificing security. As convenience and privacy become more important to consumers and security risks widen, biometrics in mobile payments will advance to meet the need.