30 April 2017
Steve Cook

Biometrics for eCommerce

Steve Cook - Daon

7Posts 30,408Views 1Comments

Passwords are so last century. They have to go, so deal with it!

29 January 2016  |  5044 views  |  1

Many of you feel very strongly about passwords, but the fact is … they have to go because of the large volume of hacks or frauds taking place putting you and also your money at risk!

It is true, strong passwords cannot be defeated but the facts are that very rarely do we use them. Companies or your employer insist on them, but in most cases we generally use the same ones time and again and it is impossible for us to continue using this ancient format. We have to move on and biometric technology allows us to do that.

The weakness in the chain is the human factor. Ask yourself, as an international global traveller, how many airline accounts do you have? The average is around six-eight accounts, all requiring different passwords for authentication. Yet, I bet many of you use the same or a slight variation of the same password in order to remember each one of them. Or in case you can’t remember the last time you used American Airlines or British Airways, you ask for a password reset, which then makes your personal details extremely vulnerable to potential fraudsters, especially if there is malware on your device which you don’t know about! Why? Have you ever dealt with a cloned website or what is known as an “Evil Twin” network. Yes, you think you are using the correct website when in fact it has been cloned. Plus all those calls or emails you get from your bank saying your account has been compromised, therefore they need to re-set your password for you. A scam which many people fall for! First of all, your bank would never do that, yet people are lured into thinking their bank is protecting them when fraudsters are sitting behind those communications. It is so easy to believe that your bank cares about you that much it personally calls you to change your password! Dream on!

Take Uber (the taxi booking app) for example. The press went mad to say Uber had been hacked last year. When in fact fraudsters just used people’s passwords from other accounts and hit the Uber service with the same details. The fraudsters got in because people used the same passwords across many of their accounts. The weakness in the system is that humans cannot be relied upon to make strong passwords, so we don’t seem to bother about security, then we complain when it happens. Many Uber customers got caught out, but it won’t be the last time unless we protect ourselves better! The average number of passwords we need to remember is around 20 per person but we only use about 4-5 that we can remember regularly. Some people don’t even bother with that many.

There is a better solution to all this. Your body … it is a unique human characteristic! Your face, your voice, your iris, your palm, your fingerprints are all unique to you! Known as your human biometrics.

Biometrics is now being used to access online and mobile apps and accounts. Your unique biometric is authenticating you each and every time. Whether its selfie banking or going through airport security, your face or other biometrics are confirming who you are. Many airports have installed electronic gates with facial recognition. You just turn up with your boarding pass and walk through immigration. If you are a regular passenger, the system recognises you so that you don’t even need to swipe your passport! Simple, convenient and what’s more absolutely no hassle. Not a password in sight! So why do we need passwords for online or mobile services, when our bodies can perform the same tasks to identify us.

Of course, this all depends on the levels of risk because biometrics is not an exact science. There are pros and cons with using this technology such as poor lighting which can possibly affect facial images. Photos can defeat some systems, noisy environments can affect voice systems and casts of finger prints can bypass some TouchID sensors. Yes it is possible for some hackers to clone bits of you! However more security features are being used in what they call “liveness” functionality. In order to prove you are who you say you are, various real-time events take place, such as random face or eye movements in the camera or reading out random numbers or phrases, and as well as detecting which device you are using! Pattern behaviour is another form of liveness biometric test. These security functions are there to protect you to prove you are alive and well, and someone is not impersonating you. Using two or more real-time biometrics for example can also properly validate you! Fraudsters can’t be bothered to take on these challenges if it is too much hassle and will likely go for more easy targets such as using sites with your user name and passwords. Many people fear that biometrics can be compromised too. Once gone, they are lost forever, but this is simply not true. Biometric data, if encrypted properly, cannot be hacked. It is just useless data to any fraudster!

One of the main areas where biometrics will replace passwords is mobile banking. The latest data from Goode Intelligence indicates that currently there are at least 120 million customers using mobile biometrics on a daily basis for their financial transactions. The forecast shows there will be 16 billion mobile biometric payment transactions this year, and by 2020, the number of FinServ consumers using biometrics to authenticate payments via mobile devices will skyrocket to 1.1 billion.

The move to establish identity based on what you have (ie your face, voice, iris, fingerprint) rather than what you know (codes and passwords) is what makes biometrics a worthy substitute for passwords. The biometrics market is expected to expand to $44 billion by 2021 globally. The demand that was driven by law enforcement, border control and governments to issue IDs is now going mainstream and entering the consumer domain where Touch IDs and facial recognition tools are already being used for logins.

Pioneering these efforts is the financial services industry. Last year saw JPMorgan Chase integrated TouchID into their mobile banking app for a seamless customer login that eliminates typing in a password. Similarly, MasterCard announced a “Pay By Selfie” feature that will make it possible for merchants to verify the identity of a shopper by looking at a photo of their face. One of the first mobile services to offer biometric log-ins was the USAA, where they have over 1m customers either using their face, voice or fingerprints. This year, we will also see challenger banks such as ATOM launch in the UK. Every new ATOM customer will set up and enrol using their own biometric profile! Clearly, this is the future in replacing passwords for many banks and financial services providers.

In Europe, there is also new regulation in the form of the EU Payment Services Director 2 (PSD2) which will be a key driver for many financial institutions to adopt biometrics as “something you are” under the SCA (Secure Customer Authentication) guidelines. This new EU directive became law on 13th January 2016, so organisations have just two years to fully implement it. The fines for not doing so are huge!

Yes folks, online or mobile banking as well as retail shopping will never be the same again! So we had better get used to it! This is the biometrics age!

 

TagsMobile & onlinePayments

Comments: (1)

Manish Grover
Manish Grover - * - New Jersey | 01 February, 2016, 20:40

Nice one Steve. Now that consumers are primarily using non-shared devices like smartphones and tablets, biometrics is indeed the way to go in those economies. 2 -factor authentication may make that complicated but still simpler than the scenario we have now. Syndicated logins like google, MSFT, Facebook may be another option. But still, the risk of a single failure point...I don't know about how comfortable I would be with that. 

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from

Steve's profile

job title Director of Sales EMEA
location London
member since 2015
Summary profile See full profile »
Steve works in the biometric identity management industry providing online/mobile face and voice recognition solutions to financial institutions and other sectors. Follow me on Twitter: realstevecook

Steve's expertise

Member since 2015
6 posts1 comments
What Steve reads

Who's commenting on Steve's posts