Blog article
See all stories »

The Changing Face of Mobile Payments

You cannot fail to notice that biometrics is having an impact everywhere!  From access control systems to mobile banking and in particular it is likely to be facial recognition that will have the greatest impact over the next ten years.

According to research firm Tractica; facial recognition adoption will grow from 28.5 million mobile devices in 2015 to more than 112.8 million by 2024, and at the forefront of this prediction will be mobile payments and authentication.  While that is just a forecast, many mobile payment experts predict it will be far higher and as much as 450 million mobile bank customers will be using some form of biometric authentication by the end of this year, according to a recent study by Goode Intelligence.

Many predict that paying by face or a selfie will become more standardised than 
currently the fingerprint on your smartphone, such as Apple’s Touch ID which uses a fingerprint sensor.  This is because facial recognition is a more reliable form of biometric technology compared with a fingerprint.  The fingerprint sensor has already shown its vulnerabilities and been spoofed by various hacking organisations.  This could lead to a lack of consumer confidence if you have had your fingerprint template stolen.  It is not an easy process to retrieve because currently all fingerprints are stored on the device which means it cannot be compared against a central database to prove that it is “really” you.  Fraudsters are fully aware of this, therefore security is a very important part that biometrics must have. 

Facial recognition technology has around a 95% degree of accuracy.  However, facial recognition on its own should not solely be relied upon because biometrics is not an exact science and often depends on certain environmental conditions.  For example shading or poor lighting, shadows or even people of a darker skin may result in some failure rates.  Therefore a multimodal approach is required and using a combination of biometrics such as fingerprint, face, voice, iris and even vein is going to be necessary as well as it will also very much depend on what each user is comfortable with.

 If facial recognition is combined with other biometrics such as a voice, iris or fingerprint, then this raises the levels of certainty to around 99.5%.  It will also depend on the level of risk too.  Just accessing your bank account or making small payments may only require one simple level of authentication.  For example, when Apple Pay launched in the U.K. in July 2015, it will allow up to a £30 limit with just one touch of your finger to authenticate a transaction.  While this would be seen as a quick and easy way to pay for goods and services, consumers will also have to be careful because it is very easy to make mistakes and once the payment is made and left your account, it will not be possible to “undo”!

However the driving force towards faster payments and a frictionless way of paying via your mobile wallet is where biometric technology is going to play a central role in the verification process.  There are already many ways you can use your mobile device to pay for things and leave your physical wallet/purse and cash at home.  While currently the Touch ID fingerprint is how Apple Pay, PayPal, Samsung Pay, Android Pay and some banks will use as part of the authentication process, there are many other banks and payment services providers that are now considering a combination of both face and voice recognition through your mobile app.  Together with your fingerprint, they will form a part of your customer biometric profile.  Some banks are already using it.  In the United States, the USAA bank allows its digital customers a choice of either fingerprint, face, voice or pin to verify access or transactions.  They were able to recently survey over 1m of its customers and while the fingerprint was around 80% of what customers presently preferred, significantly facial recognition was their second choice.  Remarkably, the average age of their customers using this technology on the device was 38.  15% of those surveyed were also over 65.  Nearly half of those surveyed showed enrolment for the service was made without any advertising.  This shows that wide spread adoption was much easier than they had realised.

In fact there are many other examples where nearly all banks are getting in on the act.  Just recently Wells Fargo announced it was planning to pilot a combination of both voice and face recognition biometrics to authenticate mobile iPhone app users.

In the U.K., MasterCard are conducting an experiment with 500 of its mobile app customers with a facial recognition trial to authenticate purchases.  They have also just announced to start the same trials in the Netherlands and the U.S. too.  In China, ecommerce giant Alibaba Group and affiliated online payment service Alipay are aiming to use facial recognition technology for customers to log-in.

So over the next few years, using your biometric customer profile will become mainstream.  You will become the password.  Performing a selfie will be a simple way to access your mobile wallet, authenticate a payment and essentially prove who you are in real-time.  It will be part of the KYC (Know Your Customer) process and a bank or retail operator can see who their customers are and whether your face matches in their database.  This also has many benefits to prevent fraud.  It stops multiple accounts or account takeovers, and also it is very difficult for fraudsters to hack.  Another benefit in using biometrics is that it can be seen as replacing the dependency for passwords.

In Europe, the new EU Payment Services Directive or PSD2 which was ratified by the European Parliament this months, now comes into force over next two years and within the guidelines, the European Banking Authority are calling for stronger customer authentication (SCA) processes with regard to all internet and mobile payments as it becomes law.  This will mean that every ecommerce operator in all 28 European States must follow the new guidelines and will have to introduce more stringent methods for authenticating transactions.  Because of the unique human characteristics of biometric technology has to offer, it has been attributed as being one of the main methods in which banks and other companies can use as part of a two-factor authentication process.

The guidelines state that strong customer authentication is an authentication process that validates the identity of the user of a payment service or of the payment transaction (more specifically, whether the use of a payment instrument is authorised). Strong customer authentication is based on the use of two or more elements categorised as knowledge (something only the user knows, e.g. a password or a PIN), possession (something only the user possesses, e.g. the card or an authentication code generating device) and inherence (something the user is, e.g. biometrics, the use of a fingerprint, face or voice recognition) to validate the user or the transaction. These elements are independent (the breach of one element does not compromise the reliability of the others) and designed in such a way as to protect the confidentiality of the authentication data.

So there is no doubt biometrics are here to stay and whether we like it or not, it will become a way of life for mobile payments.


Comments: (4)

Michael Corsa
Michael Corsa - BitsExchange - London 22 October, 2015, 15:07Be the first to give this comment the thumbs up 0 likes

Having to wear scarves and sunglasses in public to hide your facial geometry. Putting on your password mask. Selfie-based authentication is a horrible idea. Maybe someday it will work, but today it is better to rely on more traditional means of data protection. I prefer two-factor authentication with OTP passwords.

Having to wear scarves and sunglasses in public to hide your facial geometry. Putting on your password mask. Selfie-based authentication is a horrible idea. Maybe someday it will work, but today it is better to rely on more traditional means of data protection. I prefer two-factor authentication with OTP passwords.
Balasubramaniam Gd
Balasubramaniam Gd - DBS - singapore 23 October, 2015, 03:37Be the first to give this comment the thumbs up 0 likes

Will be interesting to watch this space in the months to come, with more banks, fintech innovations in this space.  The real big questions are the customers ready for this ? especially the Tradigitial segments who are at confused crossroads ?

Steve Cook
Steve Cook - ID R&D - London 23 October, 2015, 09:26Be the first to give this comment the thumbs up 0 likes

Indeed many customers are already using biometric technology to log into the bank accounts. 

As reported by Planet Biometrics recently, Mobile biometric authentication provider Daon has announced that its client USAA bank has reached a key milestone of processing 1 million mobile biometric enrollments for its banking app.

USAA has integrated Daon's IdentityX Platform into their existing 2-Factor mobile app authentication.

In a statement, Daon noted that IdentityX expands the authentication options for USAA's members, allowing them to choose and easily utilse their face and voice on their smartphones to authenticate.   Daon offers a range of biometric technologies with IdentityX, including FIDO compliant solutions.

"Achieving this rate of adoption by USAA clearly demonstrates Daon's ability to operate at scale," said Tom Grissen, Daon's chief executive officer. "Watching the rapid adoption of biometrics by USAA and reading the complimentary Tweets of USAA members is a testament to the desire to use this form of authentication and validates the efforts put forward by both organizations."

"USAA is very excited with the advanced rate of biometrics adoption we have seen," said Rick Swenson, assistant vice president of enterprise financial crimes management strategy and analytics. "Reaching the milestone of 1 million enrollments is a strong testament of our members' preference to use a biometric when authenticating.

"By offering a biometric in conjunction with our very secure 'Quick Logon' solution, USAA is able to provide our members both a highly secure and convenient means to access their accounts. We thank Daon for their work throughout this exciting implementation and for the IdentityX Platform that allowed us to provide more options for our members."

Indeed, the USAA bank is not the first and certainly won't be the last.

Hitesh Thakkar
Hitesh Thakkar - SME - Fintech startups (APAC and Africa) - India 26 October, 2015, 16:59Be the first to give this comment the thumbs up 0 likes

@Steve, thanks for putting up brilliant coverage of Biometric Authentication adoption across US and Europe. I always found your blogs full of insight backed with good stats and research.

If cross boarder travel's several risks (important one like terroriests and crime) and provision of biometric authentication de-risks some of it. We have take away from e- passport which has multiple biometric registration and validation for financial transactions authentication.

Now hiring