Here, we talk about the role of mobile biometrics in the payments ecosystem, the complete overview, and more.
Government entities have been a key driver of much global biometrics software growth. Additionally, the consumer market continues to expand as new applications of biometrics technology promise to close security gaps across several industries.
Biometrics technology is especially relevant within the Fintech and payments spaces. Given the accelerated growth of online transactions and the subsequent growth in online fraud, payments experts are increasingly emphasizing the need for a holistic, multi-layered security approach.
The demand for effective, frictionless solutions is increasing daily, especially as new payment technology presents more ways to pay and more avenues for fraud. This perfect storm of increased online transactions and increased online fraud makes biometrics an appealing option to help combat bad actors without impeding customer experience. Going by Juniper’s recent research, biometrically authenticated remote mobile payments are expected to witness massive growth, with reports projecting its value to touch $1.2 trillion globally by 2027.
In this article, we look at the breadth of biometrics options available, including physical, behavioral, and hybrid methods. Physical biometric solutions use measurements of unique characteristics pertaining to particular parts of the human body. This information is then translated into code that can be analyzed via artificial intelligence (AI) systems. Behavioral biometric solutions operate similarly but focus more on behavioral characteristics, including gait, behavioral interaction with devices, and more. With both methods—biometric information is captured, encoded, and stored in a database—then digitally sampled to authenticate a user.
Paying for something—whether online or in-store—requires several steps. Consumers must retrieve their credit or debit card from their wallets, swipe at the POS system, enter a series of numbers online (along with entering a PIN and/or other security info), and then store their card away again.
Mobile payments have removed some of these steps, with contactless payments relieving some of the burdens from in-store purchases and digital wallets. While this has enabled more seamless online transactions, the pain points still exist.
Additionally, emerging payment technology continues to broaden payment methods while creating more fraud opportunities. The ongoing struggle is to strike a balance between frictionless payments and secure payments. The idea of paying “in the background” is becoming more ubiquitous. Connected devices paired with biometrics enable devices to hone in on the details they need to facilitate payment on behalf of consumers, making purchase completion faster, more secure, and more convenient.
While these benefits are within arm’s reach, they are still being developed incrementally, adjusting to the regulatory environment. The pace at which technology is moving sometimes usurps the rate at which regulations can adapt, adding more roadblocks to widespread implementation.
Providing payment authorization has always been an obstacle and a point of friction in the process. Biometrics promises to eliminate some of this time-wasting friction. We may not be far off from a time when authentication moves from passwords and PINS to voice- and facial recognition and other biosignals. These body-mapping technologies are becoming more secure every day.
Mastercard’s latest tech could make credit cards obsolete by enabling customers to pay in stores using their face and fingerprints for authentication. A quick wave over a POS machine or a facial scan would authenticate and facilitate a payment transaction. This will guarantee shorter lines at checkout, quicker transactions, improved hygiene, and increased security. Mastercard’s intention is for this system to be globally interoperable so that users can easily access their profiles and payment information from any location.
Given the digital pioneering done with voice recognition in payments, it makes sense that voice biometrics be considered a security measure. It’s natural and seamless. It also utilizes an individual’s physical and behavioral aspects, making it a hybrid approach.
With voice biometrics, technology is able to slice human speech into thousands of readings per second. From there, it can evaluate up to 140 different parameters like pitch and tone and store these results as a mathematical representation, collectively known as a voiceprint. Similar to a fingerprint, these voiceprints can be used to confirm a person’s identity; however, it’s important to note that these voiceprints are based on probability rather than mathematical certainty, so security gaps do exist. There have been instances where people have been able to “fool” voice recognition systems by mimicking others’ voices.
While still in nascent stages, some companies have begun to explore the possibilities of heartbeat authentication—the use of one’s unique heartbeat pattern or electrocardiogram (ECG) to authenticate identity. While slightly more invasive than fingerprint or voice-recognition authentication, it is also less likely to be spoofed or hacked.
Heartbeat biometrics technology is also unique in that it has the potential to provide more data than just a unique authentication measure. Some companies are exploring tie-ins to health and well-being. One use being considered is enabling ECG signals to be used as a mechanism to start one’s car, but also providing additional safety features to alert drivers who are suffering from tiredness or may be under the influence of alcohol or drugs.
The methodology of this type of authentication is still being hashed out. One downside is that many ECG-based biometric algorithms require larger ECG samples of several seconds and are computationally demanding. Those invested in the technology strive toward lower-cost methods based on simple mathematical operations that pull smaller characteristics from ECG samples.
Anyone who owns a phone today has some familiarity with facial recognition technology. This biometrics technology uses a 2D or 3D sensor to capture a user’s face, translate it into digital data via an algorithm, and then use that data as a comparison point against an original image stored in a database. The technology focuses on specific, unique facial features, including the bridge of the nose, spacing between the eyes, the contour of ears, and more to verify an individual’s identity.
Facial recognition has several benefits; it is minimally invasive, has zero physical interaction required by the end user, and employs fast verification processes.
Iris recognition as a biometric tool is also on the rise. This technology taps into a user’s iris pattern (the iris pattern is unique and does not change throughout a person’s life) to verify their identity. This type of biometrics offers several benefits. For one, people have a different iris pattern in each eye, making it possible to perform iris recognition separately by each eye. The technology uses infrared cameras, making iris recognition possible at night or in the dark. Similar to facial recognition, there is no need for users to touch a device, making contactless authentication possible.
Unlike the other biometrics discussed, which rely on innate physical characteristics, behavioral biometrics look at measurable and identifiable patterns in human activities. Some examples of behavioral biometric verification methods include gait analysis, signature analysis, cognitive activity, and keystroke dynamics.
In combination with big data and machine learning technologies, behavioral metrics can tap into a mix of unique personal identifiers as well as device characteristics to authenticate a person’s identity. Using both facilitates the highest degree of accuracy. For example, behavioral biometrics may look at how keystrokes are made on a smartphone and combine that information with device-based indicators like geolocation. This data is run through risk assessment rules to determine the appropriate level of authentication.
Both smartphone and biometrics technology will improve over time, driving the increased use of biometrics authentication in place of passwords. Individual biometric authentication methods will also grow more sophisticated, expanding into deeper behavioral metrics that are easily collected and measured by smartphones. Authenticating people through biometrics rather than authenticating things (like passwords) will go a long way in increasing mobile payment security as antiquated authentication methods fade away.
Reach out to our team of global payment experts to know how you can leverage innovative payment solutions and stay ahead of the curve.
We’re giving you a fresh dose of insights, perspectives and the latest trends from the world of payments.