A Breakout For Biometrics? Tech Advances and Smartphones Point to "Yes"

A Breakout For Biometrics? Tech Advances and Smartphones Point to "Yes"

A Breakout For Biometrics? Tech Advances and Smartphones Point to "Yes"

Charles Keenan

Charles Keenan

Charles Keenan has written about payments since joining the American Banker as a staff reporter in 1997, a time when automated teller machines were appearing just about everywhere but people's living rooms thanks to the relaxation of surcharging rules.

More Info

Biometrics have long been touted by providers – but hardly embraced in the world of banks and payments, mostly due to the high costs of hardware and friction created with consumers. Yet those barriers are falling fast at the point of sale (POS), setting the stage for biometrics to become ubiquitous in the coming years, reducing the need for passwords, CVV codes, and other nettlesome authentication requests — all the while improving security for consumers.

Biometrics – using fingerprints or selfies or even a heartbeat to authenticate users – are making big inroads now, thanks in part to a few major factors. One is the technological advances themselves, helped along with investments by the U.S. government in all sorts of biometric identification systems since 9/11. Another is the ubiquity of smartphones, which have become such a part of daily life, making them fertile ground for new modes of authentication.

"The phone form factor will be your authentication device, and you can use that in a variety of ways," says Bob Reany, executive vice president of identity solutions for MasterCard. "I see the phone becoming the form factor that is used more and more in the POS environment."

Convenience is key

The key is making it convenient for users. Fingerprint technology has already gained traction, of course, with platforms such as Apple Pay. Millions of customers at banks such as Bank of America, Wells Fargo and JPMorgan Chase now use fingerprints to access accounts using their mobile phones.

But in addition, HSBC has plans this summer to introduce voice recognition with touch ID services for 15 million customers. And later this summer MasterCard plans to debut its Identity Check app, more commonly referred to as "selfie pay," which uses facial recognition software.

The need for biometrics

Talk of biometrics in banking and payments is nothing new, but the technology has been plagued by too many competing devices to make them come to fruition, making it historically unpalatable to banks. Yet over time, one thing has remained the same: fraud is a problem, and the financial industry is in a race to come up with seamless solutions at the POS to help combat it.

With more brick-and-mortar merchants accepting EMV, more fraud will migrate online, necessitating the need for greater security. Passwords and credentials have been hacked, skimmed and leaked with alarming regularity in the financial industry, notes Brian Ziff-Levine, director of cards and payments at First Tech Federal Credit Union, based in Mountain View, Calif.

"Adding [additional] layers of security is never a bad thing," Ziff-Levine says. "But what we don't want to do is add inconvenience. We don't want merchants to complain about lengthening the purchase funnel."

And then there's consumer adoption

Early signs point to receptiveness by consumers. First Tech Credit Union participated in a pilot last year with 200 employees, who made simulated payments to a charity. It was a simple test, but about 86 percent in the trial said they found fingerprint and facial biometrics easier to use than passwords. Last year, MasterCard also ran a trial with Canadian bank BMO Financial Group's corporate cardholders to test the app, which uses fingerprints and selfies to validate identities. In another MasterCard pilot, 71 percent found facial recognition and 93 percent found fingerprint recognition highly convenient, according to a survey of 750 cardholders of ABN Amro in The Netherlands.

Beyond thumbprints

Other form factors are gaining momentum, such as those that use persistent authentication, where the device constantly monitors users to continuously make sure they are the right people. "Instead of having to authenticate myself when I want to buy something, which is a couple of times a day, I authenticate myself all the time," MasterCard's Reany said. "That way it's frictionless."

For example, Toronto-based Nymi sells a wristband that identifies users by capturing the unique pattern of their heartbeats. Each individual electrocardiogram is like a fingerprint, and the device is designed to communicate wirelessly with endpoints such as mobile phones, laptops, desktops or the cloud. "It's a change from a transactional model of authentication into a persistent model," says Karl Martin, founder and chief technology officer.

Nymi, in conjunction with MasterCard, an investor, tested the technology out with 300 consumers at TD Bank and RBC Bank. That said, with so many wearables hitting the market, Nymi has focused on enterprise customers for now, with companies using the band as an extra layer of security logging into networks. In fact, Microsoft announced its Windows 10 will soon accept devices for biometric authentication, including Nymi. Major consumer electronics companies have also approached Nymi about using its technology, Martin says, meaning the company could end up licensing the software to wearables manufacturers.

Another company, Stockholm-based BehavioSec, uses machine learning to authenticate users based on their behavioral patterns for their computer or mobile phone. For example, algorithms monitor a user's behaviors and skills with their devices, tracking swipe patterns, pressure on the glass and speed of data entry. It had 30 million consumers at roughly 50 financial institutions in Europe using its technology as of mid-June, up from 3.5 million at the end of 2014. BehavioSec is also working with major U.S. banks, which are interested in integrating more security layers without friction.

"Frictionless technology that can enhance the security transparently makes it so that payments don't have to be super hard and the passwords changed every month," says Neil Costigan, chief executive officer of Behaviosec. "Somewhere in the future we'll be laughing at the idea of passwords."

So look for more financial institutions to increasingly adopt biometrics, so long as customers find them easy to use. "Biometrics are the future," Ziff-Levine says.

The statements and opinions of the writer do not necessarily reflect those of TSYS.

Other Articles by Charles

Charles Keenan

Charles Keenan has written about payments since joining the American Banker as a staff reporter in 1997, a time when automated teller machines were appearing just about everywhere but people’s living rooms thanks to the relaxation of surcharging rules.

His work at the American Banker included writing about credit and debit cards, merchant processing, and bank stocks. He later freelanced for the Banker and industry publications such as Banking Strategies, Bank Director, Community Banker, and U.S. Banker. He also writes about investing, insurance and health care, and is based in Los Angeles.

Share this story via email or social networks