One of the most significant drivers of innovation in the payment processing industry is security at all stages of a transaction. Technologies such as tokenization, P2PE (point-to-point encryption) and EMV have had a dramatic positive impact reducing fraud and protecting cardholders. Still, there is always room for improvement, especially since criminals are continually seeking ways to compromise current security protocols. Recently, there’s been discussion around leveraging biometrics in payments. Let’s look at what biometrics-based security looks like and what impact it might have on the industry.
What is biometrics-based payments?
In its most basic form, biometrics-based payments involve using a person’s uniquely identifiable physical traits—as opposed, or in addition, to a PIN—to prove to the payments system that the person is genuinely the authorized cardholder. Conventional biometric authentication methods include scans of fingerprints and retinas as well as facial and voice recognition. Less known and used biometric methods include ear scans, behavioral patterns (e.g., your gait as you walk), speech patterns, heartbeat patterns, and vein pattern recognition (VPR).
A 2018 study from Juniper Research estimates that mobile biometrics will authenticate $2 trillion worth of in-store and remote mobile payment transactions annually by 2023. This is up from $124 billion in 2018. Most smartphones today are more than capable of handling facial recognition, fingerprint scans, or voice-authenticated payments. In fact, Juniper Research forecasts that more than 1.5 billion smartphones (out of a pool of 5 billion) will use software-based biometrics by 2023.
Most of the biometrics-based security being discussed or implemented relies on scans being done by the cardholder’s smartphone or a payment device. However, it’s worth pointing out that Visa, through its Visa Ready for Biometrics program, has also piloted a contactless payment card that contains an onboard biometric sensor. The card uses a fingerprint sensor to authenticate the cardholder in place of a PIN or signature.
Whether on the card itself or via another device, Visa research has found that consumers rank fingerprint recognition the highest (50 percent) in terms of desired payment authentication for in-store usage.
Privacy and security concerns
Of course, there are some issues with biometrics-based payments. For instance, a 2017 Visa Biometrics Study revealed that consumers have low opinions of voice-based biometrics. This is probably due to an increase in familiarity and frustration with virtual assistants such as Apple Siri, Amazon Alexa, and Google Assistant.
Additionally, some argue that biometric security isn’t as effective as a strong password or PIN. There are dozens of well-documented stories of fingerprint-based biometric systems being compromised by a print lifted off a glass. A small piece of Play-Doh was once used to overcome Apple’s Touch ID system.
Finally, it’s important to note that some of this technology is advancing faster than laws that might protect consumers. For example, there is a lack of clarity and regulation around the collection and use of data concerning body parts or behavioral patterns. Criminals might be collecting public photos and videos to piece together a biometrics database of ears or gaits. It sounds ridiculous, but if we’ve learned anything over the years, it’s that criminals will continue to find creative ways to thwart our security systems.
Luckily, Ingram Micro is working diligently with its vendor partners to stay ahead of the criminals. If you’d like information on the next generation of secure payment devices, contact Angela Lawrence