Biometrics: Beyond the PIN, password

Will PIN numbers and/or passwords soon be a thing of the past?  

Main Content

Biometrics: Beyond the PIN, password

Mar 5, 2018

Biometrics: Beyond the PIN, password

Will PIN numbers and/or passwords soon be a thing of the past?

New developments in biometrics—defined by as “the process by which a person’s unique traits are detected and recorded by an electronic device or system as a means of confirming identity”—suggest this may very well be the case. At one time, the use of biometrics was reserved for high-security applications, but it is now moving into the mainstream.

According to Robert Capps, VP of Business Development at NuData Security, “2018 will be the year when customers, citizens, and companies will have to be identified in new and different ways,” thanks in part to the fact that so many people have had their personal identifiable information stolen. “This year, companies will have to transform their authentication platforms to get beyond static data identifiers like passwords, social security numbers, signatures, and security questions to get to both physical and passive biometric authentication that identifies customers by their behavior.”

In other words, people are going to be identified and authenticated based on a set of recognizable and verifiable data that is unique and specific to them.

Physiological vs. Behavioral Measurements

The data will be either physiological or behavioral, with examples of physiological data being fingerprints or the shape of one’s face. For example, Apple’s Touch ID fingerprint scanner uses fingerprint authentication to unlock iPhones and Apple’s mobile wallet, Apple Pay.

Behavioral data might include things like keystroke dynamics (the rhythm of your typing), signature dynamics (the pressure exerted and the speed by which you move a pen), or the way you use a mouse.

Of course, different types of measurements don’t necessarily possess the same level of reliability. For example, physiological measurements—like a fingerprint—typically remain stable over the course of one’s lifetime. On the other hand, stress might alter the way in which you type on a keyword or use a mouse. So it’s possible that in the future, different biometrics will be used in combination. This could help reduce error rates—that is, the incidence of “false rejection” or “false acceptance.”

More likely, still, behavioral biometrics will be combined with machine learning and risk assessment techniques to help authenticate users. For instance, if you’re shopping online the system might take into consideration your IP address (are you trying to hide it?), your geo-location (is it what’s expected?), and whether your order is suspicious in any way. The value of the purchase might be taken into consideration as well. For instance, a low dollar-value transaction that is in keeping with expected behavioral patterns might be processed instantly, but if the transaction is perceived to be high-risk (say, due to a suspicious IP address), the transaction might be blocked or put “on hold” until you provide additional information.

Advantages and Disadvantages of Biometrics

The main advantage of biometrics is that it allows you to prove your identity using characteristics that make you unique. So the data is much less likely to be forgotten, stolen or forged, in contrast to using something you possess (like a document or card) or something you know (like a password or secret phrase).

A potential issue, though, is that biometric data is arguably the most personal and private data that anyone has, and in the case of physiological data, the individual can’t readily change it. Consider the possibility of one’s fingerprint being stolen and then fraudulently used, for example. Another possibility is that biometric data might ultimately be used for purposes other than it was originally intended—by third parties, for instance—another major risk to security and privacy.

This perhaps explains why only 46 percent of 12,000 consumers surveyed for HSBC’s “Trust in Technology” report (2017) said they trust fingerprint recognition to replace passwords, and just 26 percent trust iris recognition to do the same. On the other hand, “trust in biometrics tripled after a simple explanation,” notes the report. At any rate, it’s clear that establishing trust in biometrics will be the key to successful adoption.

The Biometric Payment Card

Regardless, biometric payment cards are just around the corner. Bob Reany, Mastercard Executive Vice President of Identity Solutions Product, recently told Biometric Update that “Mastercard has been running pilot projects for smart cards with on-board fingerprint sensors. This is a really big deal,” said Reany. “It introduces biometrics into a market, without having to change your point-of-sale system at all.”

At the same time, Visa’s new division, Visa Ready for Biometrics, is conducting its own payment card trials, including one with Utah-based Mountain America Credit Union. Specifically, the program tests fingerprint recognition as an alternative to PIN (or signature) to authenticate the cardholder. The way the new EMV dual-interface (chip- and contactless-enabled) card works is that the cardholder places their finger on the card’s fingerprint sensor; then the data is compared to the fingerprint “template” stored on the card. Green and red lights integrated into the card indicate whether there’s a successful or unsuccessful match.

What is driving innovation in biometrics?

The move towards biometric payment cards—not to mention other biometric-related innovations—is being driven by banks, merchants, and consumers alike, all of whom are seeking improvements over the current password/PIN system.

For some, the future can’t get here soon enough. In fact, according to Visa’s recent survey  of 1,000 adult Americans who use at least one credit or debit card and/or mobile pay, consumers are really looking forward to the widespread adoption of this technology. Sixty-seven percent say they are interested in making payments using fingerprint technology, and more than 50 percent advised that they would switch away from a card network or bank that didn’t offer biometric authentication at some point down the road.

It looks like the future may just be a step…or rather, a fingerprint away.

To learn more about biometrics, read our post on Biometrics and authentication: A whole new way to think about security.


Contact Us
About Our
Merchant Services

Get your Free Quote, Now!

After you have submitted your information, a TSYS representative will contact you.

All fields are required to submit form. Your information is private and secure. We do not accept adult businesses

Customer Support Form