Could a fingerprint or iris scan be the answer to consumer password fatigue? Perhaps. In China, several face-detecting technologies are being used to authorize payments, with the Alipay “Smile to Pay” mobile app among the most popular. Launched in 2017, the Alipay app scans a customer’s face at the point-of-sale
and reportedly is successful in identifying the customer in only a few seconds. Customers are asked to smile or otherwise move their face as a security measure or “liveness” test that is employed to prevent fraudsters from attempting to
trick the application with a photo. As an extra layer of precaution, customers also receive a second veriﬁcation through their mobile device. According to reports, the app has even been successful at identifying users even when they attempted to fool
it with wigs and heavy makeup.
In the U.S. the primary form of biometric authentication for payments presently relies on ﬁngerprint scans. Today more than 70 percent of all new smart phones come equipped with ﬁngerprint scanners, and popular payment apps like Apple Pay, Samsung, and
Google Pay have helped drive acceptance and adoption of this technology. What’s more, consumers have signaled that they want a frictionless and secure means to authenticate payments so that they don’t have to keep track of an ever-growing
list of passwords and PINs. A study conducted by Visa conﬁrmed this with 86 percent of survey respondents stating that they were amenable to using biometrics to verify their identities when making payments.
A Biometrics Boom?
There is no doubt that password or PIN authentication is woefully outdated. Consumers simply can’t keep track of the number of passwords they are required to memorize, leading to reuse of the same password across multiple websites and shopping cart
abandonment at the point of sale. Other “what I know” authentication information such as an individual’s address, his or her mother’s maiden name, and other public records are readily hosted on social media sites and sold and
shared via the dark web.
“What I am” is inﬁnitely harder to replicate than “what I know” and may also offer the Holy Grail of customer convenience and data security. Scanning an iris or thumb print on a mobile device creates less friction than answering
multiple security questions or waiting for a veriﬁcation code to be sent via text or email to gain access to an online account.
Adoption Pathways and Considerations
For community banks that are eager to adopt biometrics technology, touch ID for mobile banking apps may be the logical place to begin as many consumers are already comfortable using ﬁngerprint scans to unlock their phones.
But before making serious investments in this technology, it would be wise to wait until ubiquitous rule-sets are developed and policymakers are done battling through standards of use. It is also important to remember that there is a portion of the population
who consider biometric authentication creepy and off-putting so allowing them to choose from several authentication options is ideal.
As with any newly introduced technology all players involved in this space will need to breathe through an adjustment period. The main effort will be to balance consumer conﬁdence with the convenience and security that biometric authentication brings.