In terms of ‘pure’ payment protection, biometrics offer “undeniably higher levels of security” coupled with an “intuitive customer experience”.
With the explosion in smartphone usage, the number of payments carried out via mobile devices has significantly increased over recent years.
As eCommerce becomes mCommerce, the industry has to focus on payment security. During a Card Not Present process, a personal account number (PAN), expiration date and card validation code (CVC) are not enough to completely secure a transaction. Biometrics that provide high levels of security and an intuitive customer experience might be the solution for secure mobile payments.
“Protecting the mobile device itself is a first step towards secure mobile payments,” explained Jean-Noel Georges, Frost & Sullivan’s global program director, ICT in financial services. “Although a personal identification number (PIN) can do the job, in 2011 more than 60% of smartphone users were not using a PIN to protect their mobile access.”
Over the past decade many biometric projects have emerged with the aim of enabling user identification on mobile devices. In Europe, the MOBIO (Mobile Biometry) Project is noteworthy, with the aim to develop advanced biometric tech solutions for authentication on personal mobile devices.
Leveraging the existing technologies embedded within these devices (eg headphones, microphone and camera), the optimal solutions included voice and facial recognition as well as bi-modal authentication.
“The time is now right for biometric technology to emerge as a secure solution for mobile applications that require high levels of security, particularly payment,” said Georges. “From a pure payment security point of view, biometrics has already delivered significant advantages.”
Need for simple and intuitive payment solutions
The need to have a simple and intuitive payment solution precedes success. Natural Security, for example, developed a biometric Point of Sale (POS) solution based on fingerprint (veins or digital) recognition. The fingerprint reader connects to a contactless object (contactless card) to verify that the identified personal data matches the information stored on the card. This is a practically effortless payment mechanism that doesn’t require a PIN or card and provides a great customer experience.
“One potential mobile development could have a huge impact on biometric security solutions,” added Georges. “Rumours persist that the next iPhone will include a fingerprint sensor. Given that Apple acquired Authentec – with its TouchChip product family – in 2012, this is a strong possibility.”
The need for remembering PINs could soon become a thing of the past. With biometrics the user is the unique key to the device, application and payment security, making it a high rank of protection. However, even if these technologies are ready, the cost and complexity of integrating them into mobile devices make widespread roll-out a huge challenge.
Moreover, the end user will need time to accept this new way of interacting with his or her device.
Other projects have already appeared that use an individual’s personal magnetic field as an identifying signature. “We expect to see biometrics becoming increasingly prevalent over the course of the next three to four years,” concluded Georges, “driven by a desire among vendors and consumers alike to be better protected when accessing mobile services.”