12:13 PM
Jamie Cowper, Nok Nok Labs
Jamie Cowper, Nok Nok Labs

Biometrics and Mobile Payments Security

The payments industry needs to consider how to support new and emerging biometric technologies.

Last month saw the launch of the Apple iPhone 5S, with an integrated fingerprint sensor, Touch ID. Much has been written about Apple’s intentions; all we know for certain is that today you can use the fingerprint sensor to unlock the device and to make purchases via iTunes and the App Store. If, as expected, Apple does allow 3rd-party developers access to Touch ID, then can we expect to see this technology used to enable mobile payments?

There is a growing shift towards the use of biometrics to support both login and transaction verification, this is occurring for number of reasons:

-- New capabilities in modern devices – Apart from the Apple fingerprint sensor, the latest generation of smartphones contain a wide-range of sensors that can be leveraged to help identify a user – these might include high quality cameras to perform facial recognition, or microphones to support voice biometrics. Of equal importance, they contain embedded secure elements and secure Operating Systems to support the secure creation and storage of biometric templates – a smart card within your phone.

-- Increasing sophistication of Biometric technology – Historically most implementations of biometrics have been focused on secure building entry or border control. These use cases assume that the user is being observed as they enter their credentials, a very different scenario to the remote authorization of a payment via a mobile device. We have seen the biometrics industry react to these new business opportunities by improving their algorithms and introducing anti-spoofing capabilities, to try and limit fraud.

-- Broad distribution – Laptops with fingerprint sensors have been shipping for more than 10 years, without seeing significant usage. The problem has always been the same – what can you use them for? Until now it hasn’t been possible to use the fingerprint sensor on your Windows PC to shop online, access your online bank or perform any of the other functions that we typically use passwords for, there has been no incentive for Payment Service Providers to support individual solutions. Apple’s introduction of biometrics to a mass-market device has the potential to alter this situation. We are already seeing some of the major Android phone manufacturers being linked to biometrics, and the expectation is that tablets will follow this. Microsoft is also looking at this space, with Windows 8.1 offering enhanced support for Fingerprint Sensors.

The main challenge and opportunity around biometrics is around consumer acceptance. A new survey, sponsored by PayPal and the National Cyber Security Alliance, published recently suggests that consumers are comfortable with the idea of using biometrics instead of passwords. The survey showed that 53% were happy to use fingerprints, with 45% preferring retinal scan and 41% with photo identification. These results are not dissimilar to a survey which we conducted with the Ponemon Institute earlier in the year, where the majority of respondents in the UK, Germany and the United States were happy to use biometrics with Banks and Credit Card companies, amongst other trusted organizations.

The payments industry needs, therefore, to consider how to support new and emerging biometric technologies. Both the regulators and the industry groups must consider when biometrics are a sensible replacement for the traditional username and password to allow Payments Service Providers to take advantage of the new technology present in their customers’ hands.

Jamie Cowper is Senior Director at Nok Nok Labs

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
10/14/2013 | 12:30:51 PM
re: Biometrics and Mobile Payments Security
I believe some form of biometrics will become the norm wit mobile banking and payments, it just seems to be the way we're going.
Nathan Golia
Nathan Golia,
User Rank: Author
10/13/2013 | 8:20:33 PM
re: Biometrics and Mobile Payments Security
We wrote on Insurance & Technology about the potential to integrate biometric data with medical claims in order to prevent fraud, and people didn't like the idea of turning over that kind of data to a company or being required to use it to access their benefits/data. I still think, therefore, we're quite a ways away from this being a real thing in financial services.
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.