Will mobile biometric authentication replace today’s passwords?
We use passwords constantly to log into dozens of systems and services every single day. And as the number of systems and services we subscribe to grows, the more we have to remember.
According to a study from Cyber Streetwise, the average consumer in the U.K. needs to recall 19 passwords on a regular basis for desktop and network logins, email, social networks, e-commerce and banking. As the number of online services increases, so too does the complexity of the passwords as users now often are prompted for alphanumeric combinations while also being mandated to change passwords on a regular basis.
While this process is frustrating, authenticating consumers quickly and securely is critical to all industries, none more so than financial institutions. The challenge is to guarantee effective security without harming the user experience.
Consumers demand a balance between security and simplicity. This is where the use of biometrics comes into the picture by providing faster, easier and more robust authentication in a seamless way.
Mobile banking security
Biometrics is the process of authenticating users by measuring their physiological or behavioral traits such as fingerprint, facial appearance, iris, voice, palm print or signature. The potential of biometrics technology for different applications such as access control or personal identification was recognized a long time ago. Scientific research into the practice started first with voice, fingerprint and hand geometry recognition systems followed by facial and iris recognition.
Cost has been one of the biggest historical challenges of deploying biometric security technology. A combination of complex sensors, devices or cameras is needed to deploy this technology. It relies on hardware that has previously been priced prohibitively. However, with the advances in computing over the past decade, such technology has become table stakes. Indeed, today every smartphone is already equipped with sensors which facilitate biometric authentication. These can include fingerprint authentication, voice recognition via microphones, or facial/iris recognition via cameras.
After Apple started selling the iPhone 5S with a fingerprint sensor, consumers became more comfortable with biometric authentication. Fingerprints now have become a mainstream alternative to PINs or passwords in daily life. Meantime, Apple opened its Touch ID authentication technology to third-party developers and that has enabled mobile providers all over the world to leverage the feature for their own user security.
As expected, the most obvious use case has been in mobile apps. A number of international banks and financial services companies integrated Touch ID into their mobile banking apps as iPhone users log into their accounts using their device's fingerprint sensor as an alternative to entering a customer ID and password.
But it hasn't all been easy sailing.
Discussions around the value of Touch ID are ongoing. Security researchers have demonstrated how to replicate fingerprints using a glue-like substance to "fool" the Touch ID fingerprint sensor into a false positive identification.
Despite these flaws, the reality is that consumers love Touch ID. Fingerprint authentication adoption is on the rise as its availability on phones and tablets continues to grow. Apple is no longer the only player in the game as many Samsung devices now offer a fingerprint sensor and companies such as PayPal are leveraging it.
Major companies worldwide are already onto the password problem.
The FIDO Alliance, a non-profit consortium comprised of several big companies including Microsoft, Google, Visa, MasterCard, PayPal, Bank of America and more, recently published its final specifications to "kill" traditional passwords.
Their aim is to establish an open standard for online authentication in order to create an open, scalable, interoperable, seamless and strong authentication system for end users. More importantly is the FIDO Alliance's focus on leveraging existing biometric capabilities within mobile devices such as fingerprint sensors, iris scan, voice recognition and facial detection.
The move by more smartphone manufacturers to embed biometric capabilities on their devices alongside interoperable authentication standards will contribute a rapid and widespread adoption of biometrics authentication technologies. According to a prediction by MarketsandMarkets, the overall biometric market is increasing with a CAGR of 17.6 percent until 2020.
As more banks, financial organizations, and governments become aligned with tech providers on the topic of security innovation, we'll continue to see a shift away from traditional passwords toward biometric authentication.
With contributions from Burcu Cinaz-Arnrich, product manager at Monitise focusing on authentication and security products.
Peri Kadaster / Peri Kadaster is Director of Strategy & Marketing at Monitise, where she helms the MEA region’s initiatives. Previously, Peri was Vice President of Marketing for CoffeeTable, a shopping app that reached #1 in its App Store category. Peri also co-founded Kadaster Ventures LLC, where she provides angel investment and advisory services. Previously, Peri was an Engagement Manager at McKinsey & Company, a Marketing Associate at PepsiCo, and a Senior Associate at The Parthenon Group. She also blogs for Harvard Business Review Turkey and Startup Turkey. Peri received her MBA from Harvard Business School and Bachelor’s Degree from Duke University.