Biometrics: reducing friction and fraud in digital commerce
Intelligent biometrics offer simplicity and security
Biometrics are the next logical step in the evolution of authentication for two reasons: convenience and security. Snapping a photo or pressing your finger to your smartphone to unlock it is significantly simpler than fumbling with a complex, case-sensitive password on your phone’s keyboard. And since biometric data is unique to each person, it’s substantially harder for criminals to commit fraud—especially at scale.
Biometrics are here and now
A study forecasted that in 2017 there would be nearly 2 billion biometrics payments – up from 600 million in 2016.¹
Logging in with a fingerprint is already mainstream. Taking a selfie is no longer just for showing off your new outfit—now you can authenticate payment for your clothes with a selfie. And voice recognition as an enabler of commerce is an innovation happening right before our eyes (and ears).
SOURCE: Research conducted by AYTM Market Research, September 12-19, 2017, among 1,000 U.S. adult consumers who use at least one credit card, debit card, and/or mobile pay.
¹ Juniper Research, “Mobile Payment Security: Biometric Authentication & Tokenisation 2017-2021”
Real-world challenges in front of us
It’s exciting to imagine a world where biometrics reduce the need for passwords and PINs, but we’re not quite there yet. That’s because biometrics can’t work just 80 percent of the time, or even 90 percent of the time.
Biometrics have to work close to 100 percent of the time.
Some of the obstacles to reaching this goal are obvious. If you’ve ever tried to unlock your smartphone with a wet thumb, take a selfie in the dark, or talk to a voice-activated speaker in a noisy room, then you’re already aware of a few real-world challenges.
And while biometrics are difficult to use fraudulently, that doesn’t mean that misuse is impossible.
The biometrics industry is investing in a variety of techniques to make it harder for the fraudsters to spoof a fingerprint, photo or voice and use it to commit fraud. For example, cameras are now capable of registering micromovements or blinking to distinguish between a real cardholder and a photo of the cardholder. “Liveness” checks are available or coming to many biometrics systems.
To foil cybercriminals, we need to work smarter
But it’s not just about the biometrics. If we really want to make our data safer, we also need to be more intelligent about the device that is registering the biometrics. This means detecting the identity, reputation and location of the device being used to initiate the transaction.
Beyond the device, we also need to look at contextual intelligence. To detect the behavioral patterns that make a person unique—such as where and when they shop, the risk profile of the merchant, and whether the transaction is close to home or on the other side of the world. Visa can look at as many as 500 data elements in less than a millisecond to determine if a transaction is suspicious.
The collective intelligence of our ecosystem is essential
With biometrics, we see the opportunity to unleash the true potential of commerce everywhere that consumers and merchants meet to do business. But we know that we can’t do this alone. It will take the collective effort of everyone in the ecosystem—everyone who interacts with a consumer along their shopping journey—to bring the potential of biometric authentication to reality.
The industry needs common, interoperable standards that are both secure and scalable, as well as accelerators such as Visa Ready, which promotes biometric authentication technologies that meet Visa’s requirements for secure payments. We are actively collaborating with technology companies and service providers who are on the cutting edge of these technologies. With them, we are building proofs of concept that help deliver success and further help neutralize vulnerabilities so you don’t have to.
For Visa, it all comes full circle back to where we started nearly 60 years ago. Continually enriching the Visa’s global dataset of commerce transactions to build not only a better fraud and risk mousetrap, but also further our vision to create the best payment experiences of the future.
Sign up here to receive the latest from Visa on biometrics and authentication