Aside from effectively eliminating the need to physically handle cash and credit cards, the main driver to biometric payments’ success is the convenience offered. With biometric payments, users no longer have to worry about passwords and PINs that can be too hard to remember — or worse, susceptible to security risks if not created carefully. In contrast, convenient ‘tap’ payments, which are faster than chip-and-PIN payments and require less physical interaction, are considered more secure. In the case of contactless cards, growing in popularity for lower-value payments in many markets, the embedded near-field communication (NFC) antennas create unique cryptograms for each individual transaction. Even without fingerprint authentication, they deliver security without harming user experience or slowing down transactions.
However, while the convenience of biometric payments can’t be denied, today’s cybersecurity graduates are taught offensive measures to promote mobile security, as issues involving data theft and privacy are key concerns for those in the industry. In fact, statistics show that the demand for cybersecurity experts in the US nearly doubled from 2013 to 2019, and it’s an area growing three times as fast as other IT roles. This should come as no surprise, given the wealth of information now being shared through digital means, and what it could mean if any of it was compromised.
Take, for instance, fingerprints: if they were left in usable forms and stored by certain security solution companies unencrypted, highly capable hackers would be able to create “masterprints” that could match a large number of fingerprints and copy people’s actual fingerprints, which they could then use for malicious purposes. This reality reminds us that while biometric authentication improves upon traditional security measures, it still has its flaws. Unlike usernames and passwords, fingerprints, face profiles and the like cannot be changed once stored. Meaning once biometric data is compromised, it remains compromised. Fortunately, with more data, computing resources and sophisticated science, biometric data can become increasingly complex – to the point where hackers would have a hard time accessing it. As always, it’s a case of security and fraud experts staying a step ahead of cybercriminals.
With the ongoing pandemic speeding up certain changes, such as the massive shift to remote work and the reduced usage of cash, it has also accelerated the adoption of biometric authentication all over the world. For instance, in France, banks such as Crédit Agricole already announced plans to launch biometric payment cards that meet testing and certification requirements. In Japan, leading payment network JCB recently launched a new contactless payment device Tap on Mobile, which will govern all aspects of contactless payment transactions. Securely made on NFC-enabled Android smartphones, the system can be used for a variety of purchases and payments such as event tickets and as fares for different car-sharing programs. We can also use India as an example, where the national biometric identity system was introduced in 2009. The government has since been continuously integrating biometric devices into a plethora of welfare schemes to weed out duplicate beneficiaries and ensure that benefits are delivered to the intended recipients.
Even though some markets are still lagging behind when it comes to bringing biometric authentication into the mainstream, it hasn’t stopped some experts from entertaining the thought of the future of payments that primarily center around self-sovereign data (SSD). SSD is a vision for a portable, private, secure and convenient digital identity that boasts different layers of security and flexibility. Individuals would have complete ownership and control over their digital information and how their personal data is being shared or used. Additionally, laws such as the EU’s General Data Protection Regulation (GDPR) are effective not just in setting the stage for the new age of proactive data security, consent management and customer-centric controls, but also in empowering citizens. After all, such regulations are providing consumers with legitimate ownership and rights over the data they produce. While it is still too early to determine how far 2020 will take biometric authentication, one thing is for sure: this year has made biometrics a stable fixture in today’s modern landscape.
Find out more about ACI’s Payments Intelligence capabilities.