October 5, 2015 -
This is a guest post by Steve Cook, Director of Business Development at Facebanx.
The biometrics age is upon us. A future sci-fi world of disappearing passwords, the internet of things and the unique human characteristics of our body parts to verify who we are is now actually a reality! No more so than in authenticating mobile payments. According to a recent study produced by Goode Intelligence, over $5.6 trillion dollars of payments will be secured with biometric technology by 2020. Mobile payments will be the main driver with the need for authentication speed creating demand for a frictionless user experience that biometrics can meet. Devices such as wearables, tablets and smartphones are the main channels that will procreate widespread consumer adoption.
The world of banking is changing beyond all recognition and retail banking on the high street is becoming an endangered species. Gone are many bank branches! The scramble to move everyone online and into a new and certainly more disruptive way of life using our individual biometrics is rapidly being deployed into many applications from replacing passwords, user log-ins, enhancing enrollment and KYC (know your customer) methods to verifying transactions and preventing fraud.
Biometric technology is impacting on everyone. Whether it is access control systems or internet banking, being totally secure and retaining our privacy is still very much a big question for the biometrics industry to answer. As well as not least, how regulation will need to catch up quickly because all governments are slow at implementing legislation. Biometric data will need to be regulated in each country against misuse as well as protecting the general public from data breaches because a number of commercial organisations are doing a very poor job against hackers. Nearly every week, news of a major hack is hitting the headlines! The latest being 15m T Mobile customers who have been compromised, which has also affected over 6,400 banks too. Most people are in favour that identifying criminals or terrorists with biometric methods such as facial recognition would be acceptable but almost everyone would still expect to have their privacy and data protection rights upheld. So Governments need to get it right and that may not be easy to achieve, particularly when it comes to cybercrime or money laundering. Fraudsters will always find a way.
However, first and foremost, we must keep biometrics in perspective. Biometrics is not an exact science. The technology has drastically improved over recent years but it still can be beaten and hackers and fraudsters enjoy nothing less than having a go. Photos, voice recordings and fingerprints have all been compromised in some way, although new technology to detect spoofing and proving in real time a liveness aspect is becoming more resilient. There needs to be a clear understanding that while there is a rush to use biometrics in many areas; everyone should also understand the risks too. There has to be a balance between risk vs security. It’s not perfect but it will be more secure than passwords.
I am a true advocate and enthusiast of biometric technology. If the world is moving in this direction then let’s not get swallowed up in all the hype. What are we trying to achieve? Ultimately, the goal is to have a highly secure environment for using our biometrics, retain privacy and move us all into the modern technological age. The possible downside for biometrics is that once it has been compromised, unlike passwords which can be changed; it could be difficult to retrieve your biometric profile as some experts have been suggesting, although it is not entirely impossible. There is no reason that a compromised biometric could not be de-authorised in the same way that a passport is. Once you’ve eliminated fingers, you can go onto voice or a live video stream which is difficult to spoof with live responses. However security over encryption has to achieve much greater results. The key to this is ensuring a multimodal approach. Creating a biometric profile could benefit in fighting against identity theft too.
However, I believe the pros outweigh the cons, because the ease of convenience and having a compelling two or multi-factor authentication will be the future. In my opinion, there is little doubt, passwords and pin numbers are dated and will disappear eventually. I estimate within the next five to ten years, passwords could be a thing of the past. After all, remembering so many passwords and pin numbers has always been challenging and many of us do not use strong passwords, so often they are very easy for hackers to obtain or even guess. In the U.K. the average person needs to remember anything up to 20 online account passwords although many people have less than half a dozen that they use regularly. Machine learning is now so advanced, that it could probably work out your passwords from your lifestyle to very high degree. Be honest? Are your passwords connected to your lifestyle? Many of you won’t admit to that, but if you are in this category, then you are seriously at risk because advanced behavioural technology can predict your regular passwords! Well, as one expert once said, you wouldn’t name your dog after your password, would you? By the way, I am just as guilty of that too, so you are not alone! I look forward to the day when I can ditch my passwords and pin numbers completely in favour of using biometrics but I know that there are risks that come with it too.
Identity theft is also another major issue. In fact, it is the biggest global fraud there is. At least 1 in 14 American citizens had their identities compromised last year, according to the U.S. Justice Department. Around 17.6 million Americans have fallen victim to identity fraud in one form or another in 2014, and as likely this is going to significantly increase in 2015 as data breaches are at an all-time high. The U.S. is not the only country; virtually every corner of the World has been affected in some way. Therefore biometrics could almost certainly play an important role here in proving you are who you say you are! Fraud has become an enormous problem in many industries from health to insurance and the adoption of biometrics could combat a large number of cases.
The issue facing every industry, every organisation, is where to start? Governments in various countries are trying to capture biometric data from every person, such as fingerprints in India. In the online world, the problem is that there is no common consensus yet. The drive to get there is creating a variety of different applications and standards which in the end is going to confuse customers and could lead to a possible lack of consumer confidence. Nearly every bank, telco or retail organisation is trail blazing with their own thing. Remember VHS or Beta; CD, video or mini disk? As we know, in the end there was mainly one winner and that’s the current scenario we face. There are a number of standards and compliance organisations, but many are still in the initiation stages, almost setting standards as they go and in many ways trying to meet new legislation guidelines too.
In Europe, the new Payment Services Directive 2 (PSD2) and the 4th Anti Money Laundering Directive both come into force within the next few years and will have a severe impact on many organisations needing to clean up their act. The corporate fines for not complying with these new guidelines are huge. New legislation regarding internet payments will mainly require three factors; knowledge (something you know), inherence (something you are), and possession (something you have). So it is possible that any kind of anonymity is going to probably evaporate because companies will be forced into knowing exactly who you are.
If you are keen to learn more about biometrics, there is the Biometric 2015 identity conference taking place in London, from October 13-15. For more information, please visit: Biometrics and Identity.
DISCLAIMER: BiometricUpdate.com blogs are submitted content. The views expressed in this blog are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.