Biometric Security: From A Selfie To the Way You Walk

Uploaded on 2015-08-31 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The mobile, cloud, banking & payments industries must prepare for the shift from traditional authentication to new biometric systems. The way you type can reveal you.

The payments industry, facing the risk of increasingly sophisticated cyber-attacks and various types of credit card fraud, has begun incorporating various types of biometric technology to enhance security and prevent breaches.
As recently reported, MasterCard is launching a facial recognition payment service based on “selfies” taken on a smartphone. This new technology features a photo scanner that creates a map of the shopper’s face, which is then translated into a code for confirmation of future payments.

For now, MasterCard customers must still use a password when making purchases via the “Secure Code” service, but soon a “selfie” from a smartphone will be enough to close transactions. This program is to be tested initially on 500 card users in the coming months. MasterCard stated that it also is working on a payment program based on voice recognition.
MasterCard’s imminent transition to biometrics was preceded by Apple Pay’s launching in October 2014 of a biometric payment technology based on fingerprint ID. The newest iPhone models are equipped with Apple’s Touch ID fingerprint reader.
And then there is PayPal, which has boosted security on its mobile app by using fingerprint sensors that are installed on some Samsung Electronics devices. All in all, the stage seems to be set for the large-scale adoption of biometric technology.

Biometrics: Past, Present and Future

While the payments industry is currently working full steam on various forms of biometric technology aimed at thwarting ever-increasing security breaches in payments technologies, biometrics have been around for quite a while, and the technologies take different forms.

In 1665, Marcello Malphighi was credited with the discovery of the unique patterns of fingerprints. In 1880, Dr. Henry Faulds, a Scottish surgeon, published a paper on how fingerprints can be used for identification.
In 1994, John Daugman developed and patented the first algorithms for iris scanning and recognition. The iris is known to display a network of random patterns which are unique to each individual. Special scanners are used to match these patterns to a database.

A few years later, Christoph von der Malsburg from the University of Bochum in Germany developed a system known as ZN-Face that was capable of making facial matches on imperfect images.

Imagine a world in which there is no need to remember a slew of passwords and PINs. Today, most mainstream biometric recognition is based on fingerprint, palm, iris, facial and voice recognition. Alongside these physiological recognition methods come behavioral biometrics that can recognize a person based on his or her typing rhythm (called keystroke dynamics) or walking gait (which is based on an individual’s movement patterns). Behavioral biometrics are currently considered less reliable than the physiological system, but as this technology is still in its early stages, this premise could change.

Biometric Technology: Is it Really Secure Enough?

Many law enforcement agencies and governments are already using biometric technology because it affords a higher level of security against cyber attacks than other protection methods. The newfound availability of biometric technology for mobile and cloud-based platforms raises the security bar further.

Nevertheless, while there are many who hail biometrics as a game changer, others believe that in its current form it does not provide the necessary level of security to prevent identity theft. The fact is that hackers have succeeded in using photographs to lift fingerprints and access personal accounts. The notorious hacking group called the Chaos Computer Club even replicated the fingerprint of the German Defense Minister.

A lot is happening these days in the field of identification technology to increase security. Qualcomm Technologies recently announced the development of the first comprehensive mobile biometric solution based on ultrasonic technology.
While traditional fingerprint authentication relies on capacitive touch-based sensors, the new Snapdragon solution features ultrasonic-based technology, which captures three-dimensional acoustic detail within the outer layers of skin.
Stephanie Schuckers, an expert in identification technology research, is quoted by PHYS ORG as saying that current research is focusing on “liveness detection,” which would prevent hackers from replicating fingerprints or other biometric methods. This type of technology would have the ability to detect if the real biometric is physically present.

Researchers are seeking to create an optimal arrangement of biometrics and tokenization layers that will ensure high-level security. The ultimate solution technology may involve using a mixture of several forms of biometric authentication, such as skin temperature, palm veins and voice recognition.

A Shopping Utopia Or A Fantasy?

Increased security is not the only consideration when discussing the advantages of biometrics. Imagine a world in which there is no need to remember a slew of passwords and PINs for various sites. According to a survey released by Visa Europe, 69 percent of Europeans aged 16-24 believe that their lives will be “faster and easier” without passwords. Contactless payments would be the next natural step, enabling shoppers to complete transactions far more quickly.
All in all, the stage seems to be set for the large-scale adoption of biometric technology.

Taking this concept a step further, biometrics could enable merchants to identify valued customers, as well as known shoplifters, as soon as they enter a brick-and-mortar store. Theoretically, in the new era of NFC payments, customers would be able to choose whatever items they wish and leave the premises without ever approaching a cashier. Charges would automatically be referred to the customer’s biometric-based records.

This type of technology could merge with the personalized Omni-channel shopping experience that merchants are currently striving to create for their customers. Shopping patterns as we now know them would cease to exist.

Preparing For The Future

The mobile, cloud, banking and payments industries must prepare themselves for the shift from traditional authentication methods to the new biometric systems. Once biometric technology is perfected and becomes cost-effective, its widespread deployment could save merchants and banks millions of dollars and provide high-level protection against cyber attacks.
However, when it comes to the extensive use of biometrics in the payments industry, the biggest hurdle to overcome is widespread adoption. Retailers and consumers will need to concur on the best form of biometric payments before passwords can become obsolete.

TechCrunch:

« Hacking For Cause: Growing Cyber Security Trend
Psychologists Work for GCHQ Deception Unit »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation is Europe's leading centre for research & education in cybersecurity, cybercrime and digital forensics.

Egress Software Technologies

Egress Software Technologies

Egress Software Technologies is a leading provider of data security services designed to protect shared information throughout its lifecycle.

AML Solutions

AML Solutions

AML Solutions offer a full range of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) services.

BGD E-GOV CIRT

BGD E-GOV CIRT

BGD e-GOV CIRT's mission is to support government efforts to develop ICT programs by establishing incident management capabilities within Bangladesh.

Referentia

Referentia

Referentia leads the development of critical infrastructure solutions that benefit society, including cyber security and network performance management.

National Intelligence Service (NIS) - South Korea

National Intelligence Service (NIS) - South Korea

The NIS oversees policy on cyber security in South Korea by formulating and coordinating the execution of such policy and devising necessary schemes and guidelines.

KLC Consulting

KLC Consulting

KLC Consulting offers information assurance / Security, IT Audit, and Information Technology products and services to government and Fortune 1000 companies.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

BLUECYFORCE

BLUECYFORCE

BLUECYFORCE is the leading professional training and cyber defense training organization in France.

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance provides an array of cybersecurity services including cybersecurity policy management, risk assessments and regulatory compliance consulting.

Canopius Group

Canopius Group

Canopius is a global specialty lines insurance and reinsurance company and one of the top 10 insurers in the Lloyd’s insurance market.

Blok Cyber Security

Blok Cyber Security

Blok provide small businesses and sole traders, with affordable, managed Cyber Security Packages that offer immediate protection and peace of mind.

AnzenSage

AnzenSage

AnzenSage is a cybersecurity advisory consultancy specializing in security risk resilience for the food sector: agriculture, food manufacturing, food supply chain, vineyards, and wineries.

Contextal

Contextal

Contextal develops cutting-edge open-source cybersecurity solutions, designed to connect the dots and detect complex threats, which slip through the existing protections.

AVIANET

AVIANET

AVIANET's goal is to empower enterprises and corporations worldwide and manage their digital transformation journey with confidence.