How Biometrics Could Replace Passwords

By : Andy Brown

December 12, 2016 05:00 AM


Biometric data is becoming more and more important for the financial services industry. According to market research firm ReportLinker, finance is the most mature biometrics market outside the government in the US. With biometric app downloads in particular ready to “break out of the starting blocks”, revenue in this market could reach $2.2 billion by 2024.


Both Visa and Mastercard are getting onboard with biometrics, which underlines just how important this technology is likely to become for payments and banking. Could we be headed for a point where biometrics make more traditional methods of authentication, like passwords, obsolete?


‘A password-free world’


Visa has been collaborating with BioConnect, a biometric identity platform provider, to develop an authentication process that eliminates the need to remember passwords. The payments giant asked why, in our modern era of unprecedented technological innovation, so many people are still “fumbling with clunky passwords, which are easy to forget or mistype and vulnerable to theft”.


The idea behind the new Visa/BioConnect technology is to remove the need for a password backup by offering multiple methods of biometric authentication. If someone can’t use a fingerprint sensor because their fingers are damp, for example, they can use an alternative biometric such as facial recognition or voice detection.


Mark Nelsen, senior vice-president of risk and authentication products at Visa, said: “With multiple types of biometrics supported by an app, it becomes possible to make the password a thing of the past.”


Mastercard is going down a similar route with the rollout of Identity Check Mobile. The biometric app for online shopping allows customers to complete payments with fingerprint authentication or facial recognition, eliminating the need to remember passwords.


Then there is behavioral biometrics, a technology that could help to increase online and mobile banking security by continuously monitoring more than 500 aspects of behavior. UK bank NatWest is trialing the BioCatch behavioral biometrics system, which uses indicators such as hand-eye coordination, pressure, hand tremors and finger movements to create a unique user profile. NatWest plans to pilot the technology with personal banking customers in 2017.


So what’s the catch?


Passwords clearly have a number of disadvantages. Human fallibility is one of the biggest – there is always the risk of customers picking passwords that are easy to crack or sharing sensitive information with the wrong people. This isn’t a problem with biometrics, but that’s not to say that these exciting new technologies are without weakness.


As Olga Kochetova, security expert at Kaspersky Lab, explained: “The problem with biometrics is that unlike passwords or pin codes, which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image. Thus, if your data is compromised once, it won’t be safe to use that authentication method again. That is why it is extremely important to keep such data secure and transmit it in a secure way.”


If there is one thing we have learnt from technological progress in the financial services industry – from the invention of the ATM to the growth of online banking – it’s that fraudsters will always find a way to exploit flaws in new systems. According to Kaspersky Lab, cybercriminals will view biometrics as “a new opportunity to steal sensitive information”.


So as biometric authentication becomes a more familiar and important element of the financial system, banks and payment providers will be expected to show that the necessary safeguards are in place to protect customers and their sensitive data.

Andy Brown

Marketing Director, Payments

Other articles by this author

Andy has nearly 30 years experience in e-payment systems from the delivery and support of systems in the Far East and Europe and in the product management and marketing perspective. Based in the UK, Andy is responsible for marketing NCR payment solutions.