Biometrics: Your body could be your next password
ID by fingerprint, vein scan, voiceprints come closer
By Lisa Bertagnoli | Published: December 14, 2014
Call it body language: Finger prints, vein scans, voiceprints and other unique biological means of authenticating a person's identity for credit card purchases are closer to reality than they are to the Jetsons.
The technology, called biometrics, has existed for decades -- Alexander Graham Bell's father experimented with voiceprints in the 1860s. Yet only now are biometrics poised to go mainstream. Several major financial institutions, among them MasterCard and Wells Fargo Bank, are testing biometrics in conjunction with credit cards. If all goes well, biometrics might one day replace passwords as the go-to payment authentication.
For sound reasons, too. Biometrics, which are as unique to individuals as, well, fingerprints, can't be forgotten, as passwords can. They're also more difficult to steal.
Biometrics "are a win-win for consumers -- there's really no downside," says Janice Kephart, founder and CEO of the Secure Identity & Biometrics Association, a nonprofit trade group based in Washington, D.C. "Nobody can steal your voice."
If biometrics have been around so long, why are they only now making headway? Costs, to start. Kephart says that the bulk of research and development is finished and the price of some enabling technology has fallen dramatically. "It's just getting to the point where (biometrics are) not only fast and efficient but they can build and integrate into other needs," she says.
Another reason is need. In 2014, security breaches reached almost epidemic proportions, as more than 700 breaches exposed an estimated 81.5 million consumer records. Even though biometrics might initially cost more than passwords, Kephart says financial institutions need to work harder to protect their customers' identities, and stanch the losses that stem from breaches.
Some are trying: MasterCard is piloting both a fingerprint-authorized credit card with Zwipe, a Norwegian-based tech firm; and a wristband called Nymi that uses a person's heartbeat to verify payments. Wells Fargo is experimenting with biometric technology that combines voiceprints and facial recognition.
Biometrics won't prevent or lessen security breaches -- that task falls to firewalls and institutions' security measures. They will, however, make it more difficult for thieves to use customers' information.
4 key biometric technologies
Here, in a nutshell, are the four biometric technologies most likely to gain acceptance:
- Fingerprints. Apple's Touch ID, on the iPhone 6 and 6 Plus, incorporates fingerprint authentication to unlock the phones and the mobile wallet Apple Pay. In Norway, the MasterCard Zwipe card activates with the touch of the authorized user's finger; a couple of Australian banks have also implemented fingerprint identification. The big issue? Fingerprints can be copied, as they're left everywhere, including on smartphone screens. "I see it being usurped," says Kephart of the Secure Identity and Biometrics Association.
- Voice recognition and facial recognition. Both override one drawback with biometrics, and that's data collection. "You need hardware to collect the biometrics," says Bryan Chaney, vice president of sales and marketing at SpeechPro, a New York company that makes voice-recognition software. "With voice and face, there are about 2 billion collection devices out there, and they're called smartphones." All smartphones have cameras and microphones, making it easy for users to capture and use their facial features and voiceprints for identification verification.
- Heart rhythms. Bionym, a Toronto-based firm, has developed Nymi, a wristband that carries a recording of a person's electrocardiogram, or unique heartbeat pattern. MasterCard and Royal Bank of Canada are piloting use of the wristband. The technology is expensive, as it requires hardware to capture and record the heart pattern. "There's going to be a price point where it will leave people out," Kephart says.
- Iris and retinal scans. These use the unique characteristics of a person's eye to verify their identification. The FBI, CIA and NASA use retina scans for security; using them to authenticate payments could be more difficult, Kephart says. "It's difficult to get right," she says, and users would have to be trained to use the technology correctly. "The social engineering part is difficult," she says.
What's in it for users
"The main benefit to consumers is a higher level of security access," says Mike Boukadakis, CEO of Enacomm, a Tulsa, Oklahoma, company that, with another firm, VoiceVault, offers voice-recognition technology. "We're just making it more difficult for hackers to get to the data."
Hackers, yes, as well as "sweet-talking fraudsters," says Chaney. These "fraudsters" can whittle away at unsuspecting customer-service center employees to grab bits of information -- the last four digits of a Social Security number, part of an address -- and knit those bits together to nab identities. With biometric identification, "it's much more difficult," Chaney says.
The human body carries enough unique information to create a virtual science fair of biometric experiments: There are biometrics that use gait, ear shape, hand shape and even DNA, the most distinguishing element of all, to identify and authenticate.
- Abolish the password? Card issuers are working on that – Credit card issuers and banks aim to phase out passwords over the next few years with the help of biometric authentication ...
- Startups use tech to put cardholders in charge of security – With data beaches on the rise, startup companies are developing new options that help consumers minimize their exposure to a possible hack ...
- Which banks let you personalize your credit card? – If you've ever wanted to take you favorite pet with you in the in the grocery store or to a fancy restaurant, consider plastering their likeness on a credit card ...