Biometric Security: From A Selfie To the Way You Walk

The mobile, cloud, banking & payments industries must prepare for the shift from traditional authentication to new biometric systems. The way you type can reveal you.

The payments industry, facing the risk of increasingly sophisticated cyber-attacks and various types of credit card fraud, has begun incorporating various types of biometric technology to enhance security and prevent breaches.
As recently reported, MasterCard is launching a facial recognition payment service based on “selfies” taken on a smartphone. This new technology features a photo scanner that creates a map of the shopper’s face, which is then translated into a code for confirmation of future payments.

For now, MasterCard customers must still use a password when making purchases via the “Secure Code” service, but soon a “selfie” from a smartphone will be enough to close transactions. This program is to be tested initially on 500 card users in the coming months. MasterCard stated that it also is working on a payment program based on voice recognition.
MasterCard’s imminent transition to biometrics was preceded by Apple Pay’s launching in October 2014 of a biometric payment technology based on fingerprint ID. The newest iPhone models are equipped with Apple’s Touch ID fingerprint reader.
And then there is PayPal, which has boosted security on its mobile app by using fingerprint sensors that are installed on some Samsung Electronics devices. All in all, the stage seems to be set for the large-scale adoption of biometric technology.

Biometrics: Past, Present and Future

While the payments industry is currently working full steam on various forms of biometric technology aimed at thwarting ever-increasing security breaches in payments technologies, biometrics have been around for quite a while, and the technologies take different forms.

In 1665, Marcello Malphighi was credited with the discovery of the unique patterns of fingerprints. In 1880, Dr. Henry Faulds, a Scottish surgeon, published a paper on how fingerprints can be used for identification.
In 1994, John Daugman developed and patented the first algorithms for iris scanning and recognition. The iris is known to display a network of random patterns which are unique to each individual. Special scanners are used to match these patterns to a database.

A few years later, Christoph von der Malsburg from the University of Bochum in Germany developed a system known as ZN-Face that was capable of making facial matches on imperfect images.

Imagine a world in which there is no need to remember a slew of passwords and PINs. Today, most mainstream biometric recognition is based on fingerprint, palm, iris, facial and voice recognition. Alongside these physiological recognition methods come behavioral biometrics that can recognize a person based on his or her typing rhythm (called keystroke dynamics) or walking gait (which is based on an individual’s movement patterns). Behavioral biometrics are currently considered less reliable than the physiological system, but as this technology is still in its early stages, this premise could change.

Biometric Technology: Is it Really Secure Enough?

Many law enforcement agencies and governments are already using biometric technology because it affords a higher level of security against cyber attacks than other protection methods. The newfound availability of biometric technology for mobile and cloud-based platforms raises the security bar further.

Nevertheless, while there are many who hail biometrics as a game changer, others believe that in its current form it does not provide the necessary level of security to prevent identity theft. The fact is that hackers have succeeded in using photographs to lift fingerprints and access personal accounts. The notorious hacking group called the Chaos Computer Club even replicated the fingerprint of the German Defense Minister.

A lot is happening these days in the field of identification technology to increase security. Qualcomm Technologies recently announced the development of the first comprehensive mobile biometric solution based on ultrasonic technology.
While traditional fingerprint authentication relies on capacitive touch-based sensors, the new Snapdragon solution features ultrasonic-based technology, which captures three-dimensional acoustic detail within the outer layers of skin.
Stephanie Schuckers, an expert in identification technology research, is quoted by PHYS ORG as saying that current research is focusing on “liveness detection,” which would prevent hackers from replicating fingerprints or other biometric methods. This type of technology would have the ability to detect if the real biometric is physically present.

Researchers are seeking to create an optimal arrangement of biometrics and tokenization layers that will ensure high-level security. The ultimate solution technology may involve using a mixture of several forms of biometric authentication, such as skin temperature, palm veins and voice recognition.

A Shopping Utopia Or A Fantasy?

Increased security is not the only consideration when discussing the advantages of biometrics. Imagine a world in which there is no need to remember a slew of passwords and PINs for various sites. According to a survey released by Visa Europe, 69 percent of Europeans aged 16-24 believe that their lives will be “faster and easier” without passwords. Contactless payments would be the next natural step, enabling shoppers to complete transactions far more quickly.
All in all, the stage seems to be set for the large-scale adoption of biometric technology.

Taking this concept a step further, biometrics could enable merchants to identify valued customers, as well as known shoplifters, as soon as they enter a brick-and-mortar store. Theoretically, in the new era of NFC payments, customers would be able to choose whatever items they wish and leave the premises without ever approaching a cashier. Charges would automatically be referred to the customer’s biometric-based records.

This type of technology could merge with the personalized Omni-channel shopping experience that merchants are currently striving to create for their customers. Shopping patterns as we now know them would cease to exist.

Preparing For The Future

The mobile, cloud, banking and payments industries must prepare themselves for the shift from traditional authentication methods to the new biometric systems. Once biometric technology is perfected and becomes cost-effective, its widespread deployment could save merchants and banks millions of dollars and provide high-level protection against cyber attacks.
However, when it comes to the extensive use of biometrics in the payments industry, the biggest hurdle to overcome is widespread adoption. Retailers and consumers will need to concur on the best form of biometric payments before passwords can become obsolete.

TechCrunch:

« Hacking For Cause: Growing Cyber Security Trend
Psychologists Work for GCHQ Deception Unit »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

WIRED

WIRED

WIRED is the magazine about what's next – the people, the trends and the big ideas that will change our lives. Topics covered include cyber security.

Allen & Overy

Allen & Overy

Allen & Overy is an international law firm. Practice areas include Cybersecurity and Data Protection.

Ilex International

Ilex International

Ilex International is a European software vendor which specialises in Identity & Access Management solutions.

Appdome

Appdome

Appdome is the industry's first mobile integration as a service company, providing solutions for enterprise mobility and mobile application security.

Cybertron

Cybertron

Cybertron services include real-time monitoring and incident response and a cyber range for competency development.

ToucanX

ToucanX

ToucanX has eliminated remote attack vectors without sacrificing productivity. We’ve brought embedded near real time virtualization to the enterprise endpoint.

Experis

Experis

Experis provide IT resourcing, project solutions and managed services. We enable organizations to cultivate individuals and teams prepared for the digital age.

Feroot Security

Feroot Security

Feroot Security secures client-side web applications so that businesses can deliver a flawless user experience to their customers. Our products help organizations protect their client-side surface.

gener8tor

gener8tor

The gener8tor Cybersecurity Accelerator offers a cutting-edge program in San Antonio, home to the second-largest concentration of cybersecurity experts in the United States.

KYND

KYND

KYND has created pioneering cyber risk technology that makes assessing, understanding, and managing business cyber risks easier and quicker than ever before.

CFTS

CFTS

CFTS 'Computer Facilities Technical Services' is a Ugandan ICT Support Company that specialises in infrastructure and support services including network security.

Saffron Networks

Saffron Networks

Saffron Networks is an ISO-certified company. We assure our clients of reliable solutions, specifically with the Security landscape and Enterprise Networking.

Dexian

Dexian

Dexian is a leading provider of staffing, IT, and workforce solutions with nearly 12,000 employees and 70 locations worldwide.

ShieldIO

ShieldIO

ShieldIO Real-Time Homomorphic Encryption™ enables your organization to reach regulatory compliance without compromising data availability.

Converged Communication Solutions

Converged Communication Solutions

Converged is an independent Internet Service Provider, telephony, IT support and security specialist.

Verastel

Verastel

Specializing in the niche space of proactive cyber-defense, and adaptive resilience, team Verastel is bolstering enterprise digital security like never before.