Passwords are totally out of control. You probably have thousands of them and remember none of them. Some insist on a mixture of crazy characters, uppercase letters and numbers, making sure you’ll never remember your password.
Requesting a new one requires remembering your own trivia—Your first pet’s name or your second grade teacher, or having secret codes sent to your mobile device, or recognizing bizarre sequences of unreadable “captcha” characters, just to name a few. Never mind the fact that password log-ons are incredibly hackable and human naivety is partly to blame.
Biometrics, using physical (and now behavioral) features for identification purposes, are about to start replacing passwords. You become your own password. Some recognize faces. Others recognize fingerprints, heartbeats, retinas or even brainwaves.
“The solutions,” says Mark Nelsen, SVP of Risk and Authentication Products at VISA, “depend on the situation.” Each offers a balance of accuracy and inconvenience, he says. For example, a customer might tolerate saying a single word to a voice recognition system, but that is not as accurate as speaking a few sentences. A fingerprint might work well on your phone, but won’t work at a cash register or ATM unless the machine has a fingerprint reader installed.
Biometric systems can be built into your mobile phone, a wearable device, a cloud based system, or a unique piece of hardware. “More and more,” says Nelson, authentication happens through the mobile device—either Android or Apple Pay or a proprietary banking app." How well this all works has implications for fraud, call centers, customer satisfaction and over cost management.
Today, most biometric devices are focused on creating a password free login experience from a mobile device. Fingerprint scans are one of the most commonly used. More and more mobile phones like the Samsung Galaxy and Apple iPhone 6 and 7 have fingerprint sensors for use with Android and Apple Pay. Additionally, many banks are using Touch ID sign in for their mobile banking apps. Consumers find the fingerprint both natural and reassuring.
One of the newest (and perhaps cutest) forms of biometric authentication comes from the “selfie.” MasterCard made news recently with a selfie app that lets the customer’s scan a photo of themselves with their mobile device as a form of ID when making a purchase. By asking you to blink during the scan, the smartphone process assures you are a real person and not just a photo.
Every human voice has hundreds of identifiers that make it unique. In addition to the voice itself, characteristics like speed, cadence and pronunciation, nasal tone and more are part of the analysis. With increased processing power and improved signal to noise ratio, voice is becoming a common form of biometric ID. Nuance Communications and Voice Vault are two companies that offer biometric voice identification to the financial industry. For the moment, the majority of these are over the phone transactions catering to demographics who would rather speak than use a device, but as voice quality improves we will see different implementations. Capital One, for example, now works with Amazon Echo.
On the cusp of a breakout are wearable payment devices. At the moment, they’re taking the form of rings (like Ringly), bracelets (Fitbit is rumored to be releasing one) and smartwatches like the AppleWatch and Samsung Gear. Because they’re worn on the body and communicate with payment systems through NFC technology no mobile phone is required. MasterCard, Visa, TopShop and others are all testing these “untethered payment devices.” Since they also have built in tokenization, security will be pretty good. Combining the wearable with a second form of biometric, say EEGs or vein scans, may be the norm in the near future. Nymi is a wearable band that uses the unique electrical pulses of the heart (ECG electrocardiograms) to identify its wearer. Nymi is already being rolled out for testing in financial markets.
Already common in airports, retinal scans rely on the fact that every person has a unique set of blood vessels in their eyes as well as other unique features around their eyes. Companies like EyeVerify are miniaturizing this once bulky technology so that one photo taken with your smartphone can provide a unique customer ID.
Scanning Your Behavior: The Ultimate Solution
Traditional biometric systems (looking at some feature that’s part of your body) offer protection at the point of logon, but new behavioral biometrics systems are looking at ways to create more persistent authentication. BioCatch, for example, provides its customers with an authentication score based on 500 points of behavior. Behaviors can include things like keystroke, scrolling, handedness, password storage habits and more. Banks and payments can set the “alarm” parameters based on the authentication score. IDology is also using a large database of knowledge to assure that the user remains safe throughout a session, not just at logon. Systems like these will enhance the mobile payments experience. Ultimately, a combination of biometric safety checks will provide persistent authentication, relegating the current password insanity to the annals of history.
Robin Raskin is founder of Living in Digital Times (LIDT), a team of technophiles who bring together top experts and the latest innovations that intersect lifestyle and technology. LIDT produces conferences and expos at CES and throughout the year focusing on how technology enhances every aspect of our lives through the eyes of today’s digital consumer.