Connect with us

TECHNOLOGY

Biometric payments and safeguarding privacy

The Future of Biometrics in Payments

 

By Ricardo Amper, CEO, Incode

While the technology has been in place for the initial move toward a cashless society for a while now, it was the Covid 19 pandemic that really accelerated the transition to a cashless society. The need for social distancing and the realisation that passing cash between individuals was a vector for infection provided the necessary impetus for more and more people and businesses to go cashless.

The transition seems to be a permanent one too. A recent Visa survey concluded that only 16% of consumers wish to revert to their previous methods of payment, with a massive 65% stating they would prefer to use contactless payments as much as, or even more than, they are currently. As a result, the move toward a cashless society is a global one, with the 2020 share of contactless payments in total card transactions at its highest rate since 2015.

There is a potential fly in the ointment though, and that comes with an examination of how the security of payments can be maintained. Cashless fraud is comparatively easy in a system where the presentation of a card alone is enough to guarantee payment, but that same ease of purchase has made consumers resistant to any friction at the point of sale, with even PIN entry considered a bind.

The answer is, of course, to use biometric data. But the industry needs to deploy this in a sensitive manner that takes into account the significant considerations regarding privacy that surround it. The ramifications of the settlement in the US against Clearview AI, which is now prevented from selling its facial recognition software on the open market, are still being digested and there is growing public wariness about the use — and misuse — of such data as a result.

The friction of PINs and passwords

Pins and passwords belong to another era. They are the main verification systems used in the nascent cashless society to date but need to be replaced. To begin with, they require remembering and entering, processes which can both introduce significant human error and unnecessary steps into the payment process, especially if information has to be entered more than once to ensure a successful verification.

A recent report from the Business Performance Innovation (BPI) Network and the CMO Council found that 80% of consumers prefer doing business with companies that make authentication both simple and safe. Meanwhile, 68% indicated that it is difficult to remember and key in many passwords and nearly as many — six in 10 — said they had quit transactions due to authentication frustration. There are significant security issues associated with password and PIN reuse across multiple accounts too, as well as problems caused by insecure practices such as writing down numbers, sharing, and more.

Biometrics holds out the promise of short-circuiting all these issues and establishing a future of genuinely frictionless payments. Not only does it provide a higher level of security that both customers and organisations require from financial transactions, but it takes the responsibility of authentication away from the user. Instead, it becomes an inherent part of the transaction.

As such it already has significant public buy-in. The previously cited BPI/CMO survey said that 34% of customers would prefer to use biometrics as their primary means of identity verification if the technology is secure. And an HSBC report reported that trust in biometrics increased six percentage points after only a brief explanation of its workings.

The need for security and privacy

While biometric data is unique from the outset; attention needs to be given to keeping it that way and ensuring it remains secure. Presentation attacks, where phones have been unlocked from photographs of an owner’s face, were a problem in the early iterations of facial recognition technology.

These threats have been largely dealt with however by industry-wide initiatives, culminating in the ISO/IEC 30107-3 Presentation Attack Detection standard. Liveness algorithms working in concert with AI have been developed to prevent an attack’s success, ensuring that identity verification remains both 100% reliable and, when implemented correctly, operates with minimum detectable latency.

Another area of concern has been privacy, particularly with the establishment of the GDPR in the EU alongside similar landmark legislation worldwide, as well as the increasing encroachment of state interest in the field. Different companies have different approaches, but there are two factors in particular that are important.

First, complete transparency. Customers and clients need knowledge of exactly what is stored and what is shared. This can, of course, vary depending on use case, but we are finding an increasing trend towards zero retention of customer data worldwide.

Second, the technology needs to allow this degree of privacy. Biometric software should not store or use photos and images of people in a central database. Biometric templates that are mathematical representations of a person’s face can be generated on the device at the edge; an encrypted string of characters under half a kilobyte in size. It is impossible to recreate a face from this data and it is useless to anyone else apart from our system.

Furthermore, as a function of reducing latency in the system, solutions need to undergo authentication processes offline and on-device, limiting the need to transmit any data regarding the individual. The result is a solution that is both secure and private, and precisely the sort of technology implementation that will be required as legislators turn their attention on biometrics in the face of mounting concern over their use in both the public and the private sector.

The future of payments – and more

The secure and private use of biometric data holds out the promise of accelerating the arrival of the cashless society, especially as its effective deployment means that current transaction limit barriers can be discarded. It will enable truly frictionless payments to be enacted, making life easier for customers and businesses alike, while also making new business models such as those based on frequent micro-transactions possible without introducing multiple plain points along the way.

Biometric identity verification also has many uses that stretch beyond the field of financial transactions. Hotel reception check-ins, health club memberships, age verification in licensed premises, financial services onboarding, and more can all benefit from an instant process of verification. But to allow superior experiences that consumers clearly prefer, privacy concerns need to be effectively addressed.

Continue Reading
Editorial & Advertiser disclosure

Recommended