Biometrics: Your body could be your next password

ID by fingerprint, vein scan, voiceprints come closer


Call it body language: Finger prints, vein scans, voiceprints and other unique biological means of authenticating a person's identity for credit card purchases are closer to reality than they are to the Jetsons.

The technology, called biometrics, has existed for decades -- Alexander Graham Bell's father experimented with voiceprints in the 1860s. Yet only now are biometrics poised to go mainstream. Several major financial institutions, among them MasterCard and Wells Fargo Bank, are testing biometrics in conjunction with credit cards. If all goes well, biometrics might one day replace passwords as the go-to payment authentication.

For sound reasons, too. Biometrics, which are as unique to individuals as, well, fingerprints, can't be forgotten, as passwords can. They're also more difficult to steal.

Biometrics: Your body could be your next password

Biometrics "are a win-win for consumers -- there's really no downside," says Janice Kephart, founder and CEO of the Secure Identity & Biometrics Association, a nonprofit trade group based in Washington, D.C.  "Nobody can steal your voice."

If biometrics have been around so long, why are they only now making headway? Costs, to start. Kephart says that the bulk of research and development is finished and the price of some enabling technology has fallen dramatically. "It's just getting to the point where (biometrics are) not only fast and efficient but they can build and integrate into other needs," she says. 

Another reason is need. In 2014, security breaches reached almost epidemic proportions, as more than 700 breaches exposed an estimated 81.5 million consumer records. Even though biometrics might initially cost more than passwords, Kephart says financial institutions need to work harder to protect their customers' identities, and stanch the losses that stem from breaches.

Some are trying: MasterCard is piloting both a fingerprint-authorized credit card with Zwipe, a Norwegian-based tech firm; and a wristband called Nymi that uses a person's heartbeat to verify payments. Wells Fargo is experimenting with biometric technology that combines voiceprints and facial recognition.

Biometrics won't prevent or lessen security breaches -- that task falls to firewalls and institutions' security measures. They will, however, make it more difficult for thieves to use customers' information.


4 key biometric technologies
Here, in a nutshell, are the four biometric technologies most likely to gain acceptance:

  1. Fingerprints. Apple's Touch ID, on the iPhone 6 and 6 Plus, incorporates fingerprint authentication to unlock the phones and the mobile wallet Apple Pay. In Norway, the MasterCard Zwipe card activates with the touch of the authorized user's finger; a couple of Australian banks have also implemented fingerprint identification. The big issue? Fingerprints can be copied, as they're left everywhere, including on smartphone screens. "I see it being usurped," says Kephart of the Secure Identity and Biometrics Association.
  2. Voice recognition and facial recognition. Both override one drawback with biometrics, and that's data collection. "You need hardware to collect the biometrics," says Bryan Chaney, vice president of sales and marketing at SpeechPro, a New York company that makes voice-recognition software. "With voice and face, there are about 2 billion collection devices out there, and they're called smartphones." All smartphones have cameras and microphones, making it easy for users to capture and use their facial features and voiceprints for identification verification.
  3. Heart rhythms. Bionym, a Toronto-based firm, has developed Nymi, a wristband that carries a recording of a person's electrocardiogram, or unique heartbeat pattern. MasterCard and Royal Bank of Canada are piloting use of the wristband. The technology is expensive, as it requires hardware to capture and record the heart pattern. "There's going to be a price point where it will leave people out," Kephart says.
  4. Iris and retinal scans. These use the unique characteristics of a person's eye to verify their identification. The FBI, CIA and NASA use retina scans for security; using them to authenticate payments could be more difficult, Kephart says. "It's difficult to get right," she says, and users would have to be trained to use the technology correctly. "The social engineering part is difficult," she says.

What's in it for users
"The main benefit to consumers is a higher level of security access," says Mike Boukadakis, CEO of Enacomm, a Tulsa, Oklahoma, company that, with another firm, VoiceVault, offers voice-recognition technology.  "We're just making it more difficult for hackers to get to the data."

Hackers, yes, as well as "sweet-talking fraudsters," says Chaney. These "fraudsters" can whittle away at unsuspecting customer-service center employees to grab bits of information -- the last four digits of a Social Security number, part of an address -- and knit those bits together to nab identities. With biometric identification, "it's much more difficult," Chaney says.

The human body carries enough unique information to create a virtual science fair of biometric experiments: There are biometrics that use gait, ear shape, hand shape and even DNA, the most distinguishing element of all, to identify and authenticate.

See related: How to secure data on your smartphone, 4 ways crooks cash in on your personal and financial data, Online fraud may surge after EMV chip card rollout

Published: December 14, 2014

Join the discussion
We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

If you are commenting using a Facebook account, your profile information may be displayed with your comment depending on your privacy settings. By leaving the 'Post to Facebook' box selected, your comment will be published to your Facebook profile in addition to the space below.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.

Follow Us

Updated: 10-27-2016

Weekly newsletter
Get the latest news, advice, articles and tips delivered to your inbox. It's FREE.