Biometric Security: From A Selfie To the Way You Walk

Uploaded on 2015-08-31 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The mobile, cloud, banking & payments industries must prepare for the shift from traditional authentication to new biometric systems. The way you type can reveal you.

The payments industry, facing the risk of increasingly sophisticated cyber-attacks and various types of credit card fraud, has begun incorporating various types of biometric technology to enhance security and prevent breaches.
As recently reported, MasterCard is launching a facial recognition payment service based on “selfies” taken on a smartphone. This new technology features a photo scanner that creates a map of the shopper’s face, which is then translated into a code for confirmation of future payments.

For now, MasterCard customers must still use a password when making purchases via the “Secure Code” service, but soon a “selfie” from a smartphone will be enough to close transactions. This program is to be tested initially on 500 card users in the coming months. MasterCard stated that it also is working on a payment program based on voice recognition.
MasterCard’s imminent transition to biometrics was preceded by Apple Pay’s launching in October 2014 of a biometric payment technology based on fingerprint ID. The newest iPhone models are equipped with Apple’s Touch ID fingerprint reader.
And then there is PayPal, which has boosted security on its mobile app by using fingerprint sensors that are installed on some Samsung Electronics devices. All in all, the stage seems to be set for the large-scale adoption of biometric technology.

Biometrics: Past, Present and Future

While the payments industry is currently working full steam on various forms of biometric technology aimed at thwarting ever-increasing security breaches in payments technologies, biometrics have been around for quite a while, and the technologies take different forms.

In 1665, Marcello Malphighi was credited with the discovery of the unique patterns of fingerprints. In 1880, Dr. Henry Faulds, a Scottish surgeon, published a paper on how fingerprints can be used for identification.
In 1994, John Daugman developed and patented the first algorithms for iris scanning and recognition. The iris is known to display a network of random patterns which are unique to each individual. Special scanners are used to match these patterns to a database.

A few years later, Christoph von der Malsburg from the University of Bochum in Germany developed a system known as ZN-Face that was capable of making facial matches on imperfect images.

Imagine a world in which there is no need to remember a slew of passwords and PINs. Today, most mainstream biometric recognition is based on fingerprint, palm, iris, facial and voice recognition. Alongside these physiological recognition methods come behavioral biometrics that can recognize a person based on his or her typing rhythm (called keystroke dynamics) or walking gait (which is based on an individual’s movement patterns). Behavioral biometrics are currently considered less reliable than the physiological system, but as this technology is still in its early stages, this premise could change.

Biometric Technology: Is it Really Secure Enough?

Many law enforcement agencies and governments are already using biometric technology because it affords a higher level of security against cyber attacks than other protection methods. The newfound availability of biometric technology for mobile and cloud-based platforms raises the security bar further.

Nevertheless, while there are many who hail biometrics as a game changer, others believe that in its current form it does not provide the necessary level of security to prevent identity theft. The fact is that hackers have succeeded in using photographs to lift fingerprints and access personal accounts. The notorious hacking group called the Chaos Computer Club even replicated the fingerprint of the German Defense Minister.

A lot is happening these days in the field of identification technology to increase security. Qualcomm Technologies recently announced the development of the first comprehensive mobile biometric solution based on ultrasonic technology.
While traditional fingerprint authentication relies on capacitive touch-based sensors, the new Snapdragon solution features ultrasonic-based technology, which captures three-dimensional acoustic detail within the outer layers of skin.
Stephanie Schuckers, an expert in identification technology research, is quoted by PHYS ORG as saying that current research is focusing on “liveness detection,” which would prevent hackers from replicating fingerprints or other biometric methods. This type of technology would have the ability to detect if the real biometric is physically present.

Researchers are seeking to create an optimal arrangement of biometrics and tokenization layers that will ensure high-level security. The ultimate solution technology may involve using a mixture of several forms of biometric authentication, such as skin temperature, palm veins and voice recognition.

A Shopping Utopia Or A Fantasy?

Increased security is not the only consideration when discussing the advantages of biometrics. Imagine a world in which there is no need to remember a slew of passwords and PINs for various sites. According to a survey released by Visa Europe, 69 percent of Europeans aged 16-24 believe that their lives will be “faster and easier” without passwords. Contactless payments would be the next natural step, enabling shoppers to complete transactions far more quickly.
All in all, the stage seems to be set for the large-scale adoption of biometric technology.

Taking this concept a step further, biometrics could enable merchants to identify valued customers, as well as known shoplifters, as soon as they enter a brick-and-mortar store. Theoretically, in the new era of NFC payments, customers would be able to choose whatever items they wish and leave the premises without ever approaching a cashier. Charges would automatically be referred to the customer’s biometric-based records.

This type of technology could merge with the personalized Omni-channel shopping experience that merchants are currently striving to create for their customers. Shopping patterns as we now know them would cease to exist.

Preparing For The Future

The mobile, cloud, banking and payments industries must prepare themselves for the shift from traditional authentication methods to the new biometric systems. Once biometric technology is perfected and becomes cost-effective, its widespread deployment could save merchants and banks millions of dollars and provide high-level protection against cyber attacks.
However, when it comes to the extensive use of biometrics in the payments industry, the biggest hurdle to overcome is widespread adoption. Retailers and consumers will need to concur on the best form of biometric payments before passwords can become obsolete.

TechCrunch:

« Hacking For Cause: Growing Cyber Security Trend
Psychologists Work for GCHQ Deception Unit »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Indelible Data

Indelible Data

Indelible Data is an established information security and technology consultancy and a Cyber Essentials Certification Body.

Swivel Secure

Swivel Secure

Swivel Secure is an award winning provider of multi-factor authentication solutions.

Centurion Information Security

Centurion Information Security

Centurion Information Security is a consulting firm based in Singapore that specialises in penetration testing and security assessment services.

Towerwall

Towerwall

Towerwall offers a comprehensive suite of security services and solutions using best-of-breed tools and information security services.

Bloc Ventures

Bloc Ventures

Bloc Ventures is an investment company providing long-term, ‘patient’ equity capital to early stage unquoted deep technology companies.

Open Data Security (ODS)

Open Data Security (ODS)

Open Data Security is a market leader in the information security sector, offering services to companies, governments and individuals, helping them shield from hackers and cyber attacks.

Cyber Insurance Academy

Cyber Insurance Academy

Cyber Insurance Academy was founded to provide insurance professionals with the knowledge needed to work in cyber-insurance and cyber-related insurance fields.

Nemstar

Nemstar

Nemstar is a specialist in Information Security & Cyber Training with over 25 years' industry experience.

Globesecure Technologies

Globesecure Technologies

Globesecure Technologies is a networks and cyber security company. We are here to resolve business security challenges and secure the digital transformation journey of our clients.

ProjectDiscovery

ProjectDiscovery

ProjectDiscovery is an open-source, cybersecurity company that builds a range of software for security engineers and developers.

CyberXpert

CyberXpert

CyberXpert is your cybersecurity partner for the public and private sector in Belgium.

The Purple Guys

The Purple Guys

The Purple Guys offer Trouble-Free IT Support to businesses across the Central and Southern US. Safe and Secure, Rapid Response, Friendly Support that’s our Purple Promise.

Positka FSI Pte Ltd

Positka FSI Pte Ltd

Positka, being a Splunk Singapore partner, provides Splunk & Phantom Services, Cybersecurity & Risk Management, Analytics & Big Data, Lean Process Optimization, and Managed Security Services.

CipherStash

CipherStash

CipherStash is a complete data governance and breach prevention platform.

BluTinuity

BluTinuity

BluTinuity is a premier management consulting firm with a passion for information security, business continuity, incident response, disaster recovery, and HIPAA security.

DATS Project

DATS Project

DATS Project enables the utilization of high computing power across a number of cybersecurity services, all on a pay-as-you-go basis, eliminating the need for upfront investment costs.