Are Biometrics the Future of Payments Authentication?

Feb 12, 2019
Alan Nevels, Senior Vice President of Card Risk & Merchant Services

Could a fingerprint or iris scan be the answer to consumer password fatigue? Perhaps. In China, several face-detecting  technologies are being used to authorize payments, with the Alipay “Smile to Pay” mobile app among the most popular. Launched in 2017, the Alipay app scans a customer’s face at the point-of-sale and reportedly is successful in identifying the customer in only a few seconds. Customers are asked to smile or otherwise move their face as a security measure or “liveness” test that is employed to prevent fraudsters from attempting to trick the application with a photo. As an extra layer of precaution, customers also receive a second verification through their mobile device. According to reports, the app has even been successful at identifying users even when they attempted to fool it with wigs and heavy makeup.

In the U.S. the primary form of biometric authentication for payments presently relies on fingerprint scans. Today more than 70 percent of all new smart phones come equipped with fingerprint scanners, and popular payment apps like Apple Pay, Samsung, and Google Pay have helped drive acceptance and adoption of this technology. What’s more, consumers have signaled that they want a frictionless and secure means to authenticate payments so that they don’t have to keep track of an ever-growing list of passwords and PINs. A study conducted by  Visa confirmed this with 86 percent of survey respondents stating that they were amenable to using biometrics to verify their identities when making payments.

A Biometrics Boom?

There is no doubt that password or PIN authentication is woefully outdated. Consumers simply can’t keep track of the number of passwords they are required to memorize, leading to reuse of the same password across multiple websites and shopping cart abandonment at the point of sale. Other “what I know” authentication information such as an individual’s address, his or her mother’s maiden name, and other public records are readily hosted on social media sites and sold and shared via the dark web.

“What I am” is infinitely harder to replicate than “what I know” and may also offer the Holy Grail of customer convenience and data security. Scanning an iris or thumb print on a mobile device creates less friction than answering multiple security questions or waiting for  a verification code to be sent via text or email to gain access to an online account.

Adoption Pathways and Considerations

For community banks that are eager to adopt biometrics technology, touch ID for mobile banking apps may be the logical place to begin as many consumers are already comfortable using fingerprint scans to unlock their phones.

But before making serious investments in this technology, it would be wise to wait until ubiquitous rule-sets are developed and policymakers are done battling through standards of use. It is also important to remember that there is a portion of the population who consider biometric authentication creepy and off-putting so allowing them to choose from several authentication options is ideal.

As with any newly introduced technology all players involved in this space will need to breathe through an adjustment period. The main effort will be to balance consumer confidence with the convenience and security that biometric authentication brings.