Survey shows biometrics not trusted or understood by majority of consumers
A majority of consumers believe that switching from passwords to biometrics will expose them to identity fraud, according to a survey by Paysafe Group.
Paysafe found that 56 percent of consumers in North America and Europe are concerned about the switch to biometrics, and 81 prefer passwords for online payments due to security concerns. The report “Lost in Transaction: The end of Risk?” considers public attitudes to biometrics ahead of the Strong Customer Authentication rule implementation later this year, and presents a troubling picture for the biometrics industry.
Two-thirds of respondents (66 percent) are concerned about being able to pay for goods or services without a password, and only 37 percent believe biometrics are more secure than other authentication methods. A lack of trust is behind the concerns, Paysafe reports, and 45 percent say they do not want companies to have access to their biometric data.
“Biometrics are a huge opportunity for the payments industry to combat the increasing risk of card not present fraud. However, it’s not surprising that there is reluctance among consumers to use biometrics as a form of payment authentication when passwords and PINs have been the central pillar of financial data security for at least 20 years,” Paysafe Group Chief Business Development Officer Daniel Kornitzer argues. “News headlines are also dominated with fraud and hacking scandals so the public are aware of the risks involved when it comes to adopting new services. To overcome this, consumer education is imperative and with SCA coming in September, consumers will need to be aware of the benefits to ensure acceptance and adoption. We’ve lived in a password-driven world for many years now and consumers aren’t fully prepared to let go of what they know.”
Biometrics do not seem safe to 28 percent of people, while 35 percent say they do not know enough about the technology to trust it, and 31 percent are concerned that their fingerprints can be easily spoofed to commit fraud.
“Consumer acceptance of biometrics is being driven largely by smartphone usage and adoption, and this will only increase. However, payment providers will need to do their bit to get consumers on board. Ultimately, SCA should lead to smoother and more secure payments – a win for businesses and consumers alike,” Kornitzer adds.
Status quo not working
The hesitancy of consumers may ironically be driven by the prevalence of data breaches from systems with legacy access controls, as cybercriminals exposed 2.8 billion consumer data records in 2018, and cost U.S. organizations more than $654 billion, according to research from ForgeRock.
The ForegRock U.S. Consumer Data Breach Report shows that $114 billion was invested in information security products and services in 2018, up more than 12 percent over 2017, but without major gains.
Personally identifiable information (PII) made up 97 percent of all breaches, and unauthorized access made up 34 percent of all attacks last year. The report also shows 3.8 percent of breached information was usernames and passwords. Healthcare, financial services, and government were the three most commonly-targeted sectors.
Costs from cyberattack at financial institutions spiked from $8 million in Q1 2018 to $6.2 billion in Q1 2019, despite a lower number of breach incidents.
“Every industry has incentives to avoid brand damage and costly breaches, and so organizations must use modern techniques of identity and access management to secure their infrastructure, from servers in the data center to client applications and smart devices at the edge,” says ForgeRock VP of Innovation and Emerging Technology Eve Maler.