Digital biometric thumb print blue stock
#Identity Technology

From password to thumbprint

Global Trends
6 Mins.

With an ever‐changing regulatory landscape, the business opportunity and consumer attitudes towards biometrics are changing. For years, technologists have been acclaiming biometric authentication as a safe way to link consumers with services, such as mobile payments; consumers have not been so sure.

It’s perhaps unsurprising that consumer attitudes have been mixed. “Researchers have cited several reasons for reluctance to use biometric authentication technology, including lack of confidence in their reliability (for organizations) and user apprehension,” say Rachel German and Suzanne Barber in their University of Texas report, “Consumer Attitudes About Biometric Authentication.”

They point out that while some 70% of users have experience of and high trust in fingerprint scanning, all other biometric systems attract less comfort. Only 13% of users surveyed had used facial recognition, and only 5% gave it the highest level of trust – 35% giving it the lowest.

“Biometric authentication provides customers with unparalleled levels of security, but doesn’t require them to jump through hoops to access mobile banking services “
Jukka Yliuntinen
Head of Digital Payment Solutions, G+D

Protecting sensitive transactions

With the technology in place, the regulators are ready. As part of the single European digital market initiative, the second Payment Services Directive (PSD2)  came into effect in Europe at the start of 2018. As with the General Data Protection Regulation (GDPR), this regulatory package is being seen as a template by the rest of the world, especially with its take on authentication. It mandates Strong Customer Authentication (SCA) requirements to protect important or sensitive transactions through multi‐factor processes – passwords are no longer enough.

A biometric guard dog

Fortunately for those who have to implement services that fall under PSD2 rules, there’s a set of internationally recognized practical standards that meets that need.

Created by the FIDO Alliance (Fast Identity Online) and adopted by the UN agency the International Telecommunication Union, these standards are designed to be user friendly, as well as cryptographically secure and compliant with the PSD2 technical requirements. Biometrics, of course, stay attached to their owner.

One of the principle goals of PSD2 is to provide the infrastructure for open banking, where users feel in control of their data and their authentications enough to trust third parties with their financial information. This infrastructure is only newly in place, so first mover advantage is there for the taking in a number of sectors.

Woman digital biometric authentification
A deep-learning approach has improved the performance and functionality of facial recognition systems

Pay with a smile

Initial marketing efforts will do well to emphasize the highly regulated and technically secure aspect of the modern remote payment environment – secondary only, of course, to the attractions of the new services it enables.

One example is Giesecke+Devrient’s “pay with a smile.” Built on G+D’s FIDO-compliant platforms, it uses layered biometrics to authenticate a user prior to a transaction through facial recognition and other factors, such as voice and fingerprint ID. Layering improves the quality of biometric recognition, both in positively recognizing legitimate users in different environments and in rejecting attackers trying to impersonate or replicate biometrics.

The end result is “much more secure than anything you can do with a PIN card,” according to Jukka Yliuntinen, Head of Digital Payment Solutions, G+D. He says that by moving away from the form‐filling and physical presentation of ID that old‐style banking needed, a stronger emotional connection with a brand can be formed.

With the advent of 3D cameras in smartphones, as well as in point of sale, the simple act of smiling can be mapped to an animated model of how your face moves – adding much more depth to the data used to confirm who you are.

Biometrics is big for business

Biometric payment cards are a big part of making the open banking idea compelling to users, and this opens up a range of new services. In a report on data sharing and open banking, McKinsey’s Laura Brodsky and Liz Oakes identify major disruptions already underway with micro‐lending, credit underwriting and peer‐to‐peer transfers. They cite China’s AliBaba and Tencent as leading the way in integrating payment and finance options with social media and online retail.

Looking ahead, services like Amazon, Apple, Google and eBay all have copious financial and behavioral historical data on their users – data that GDPR makes clear belongs as much to the user as to the services that store them.

With the addition of open banking, built on strong authentication, third‐party services will be able to offer substantial benefits to users by amalgamating all that information. Such ideas are genuinely new, generating value for both users and service providers within the newly regulated environment that creates the trust that makes innovation possible.

Published: 17/05/2020

Share this article

Subscribe to our newsletter

Don’t miss out on the latest articles in G+D SPOTLIGHT: by subscribing to our newsletter, you’ll be kept up to date on latest trends, ideas, and technical innovations – straight to your inbox every month.

Please supply your details: