Biometrics: reducing friction and fraud in digital commerce

What if you never needed to type in another password or PIN?
That’s the potential of biometrics: the application of technology and data to analyze the physical and behavioral traits unique to an individual, including their fingerprints, voice, facial or iris structure, and even how they type. Biometrics can help us make authenticating consumers safer and more secure, and do it all in the time it takes to snap a selfie.

Intelligent biometrics offer simplicity and security

Biometrics are the next logical step in the evolution of authentication for two reasons: convenience and security. Snapping a photo or pressing your finger to your smartphone to unlock it is significantly simpler than fumbling with a complex, case-sensitive password on your phone’s keyboard. And since biometric data is unique to each person, it’s substantially harder for criminals to commit fraud—especially at scale.

Biometrics are here and now

A study forecasted that in 2017 there would be nearly 2 billion biometrics payments – up from 600 million in 2016.¹

Logging in with a fingerprint is already mainstream. Taking a selfie is no longer just for showing off your new outfit—now you can authenticate payment for your clothes with a selfie. And voice recognition as an enabler of commerce is an innovation happening right before our eyes (and ears).

Consumers and biometrics facts. See image description below.

Consumers and biometrics

  • 61% think biometrics are easier than passwords.
  • 70% believe that biometrics are faster than passwords.
  • 80%+ will likely use fingerprint or facial recognition for banking.
  • 50%+ would consider leaving banks that don't offer biometric authentication.

SOURCE: Research conducted by AYTM Market Research, September 12-19, 2017, among 1,000 U.S. adult consumers who use at least one credit card, debit card, and/or mobile pay.

---------------------

¹ Juniper Research, “Mobile Payment Security: Biometric Authentication & Tokenisation 2017-2021”

Real-world challenges in front of us

It’s exciting to imagine a world where biometrics reduce the need for passwords and PINs, but we’re not quite there yet. That’s because biometrics can’t work just 80 percent of the time, or even 90 percent of the time.

Biometrics have to work close to 100 percent of the time.

Some of the obstacles to reaching this goal are obvious. If you’ve ever tried to unlock your smartphone with a wet thumb, take a selfie in the dark, or talk to a voice-activated speaker in a noisy room, then you’re already aware of a few real-world challenges.

And while biometrics are difficult to use fraudulently, that doesn’t mean that misuse is impossible.

The biometrics industry is investing in a variety of techniques to make it harder for the fraudsters to spoof a fingerprint, photo or voice and use it to commit fraud. For example, cameras are now capable of registering micromovements or blinking to distinguish between a real cardholder and a photo of the cardholder. “Liveness” checks are available or coming to many biometrics systems.

To foil cybercriminals, we need to work smarter

But it’s not just about the biometrics. If we really want to make our data safer, we also need to be more intelligent about the device that is registering the biometrics. This means detecting the identity, reputation and location of the device being used to initiate the transaction.

Beyond the device, we also need to look at contextual intelligence. To detect the behavioral patterns that make a person unique—such as where and when they shop, the risk profile of the merchant, and whether the transaction is close to home or on the other side of the world. Visa can look at as many as 500 data elements in less than a millisecond to determine if a transaction is suspicious.

The collective intelligence of our ecosystem is essential

With biometrics, we see the opportunity to unleash the true potential of commerce everywhere that consumers and merchants meet to do business. But we know that we can’t do this alone. It will take the collective effort of everyone in the ecosystem—everyone who interacts with a consumer along their shopping journey—to bring the potential of biometric authentication to reality.

The industry needs common, interoperable standards that are both secure and scalable, as well as accelerators such as Visa Ready, which promotes biometric authentication technologies that meet Visa’s requirements for secure payments. We are actively collaborating with technology companies and service providers who are on the cutting edge of these technologies. With them, we are building proofs of concept that help deliver success and further help neutralize vulnerabilities so you don’t have to.

Our approach to biometrics. See image description below.

Our approach to biometrics

  • Partner with third parties, Set principles for security, reliability and interoperability.
  • Promote a standards-based approach.
  • Remain technology and device agnostic.
  • Create solutions, capabilities and tools.
  • Assess the viability of new authentication methods.

For Visa, it all comes full circle back to where we started nearly 60 years ago. Continually enriching the Visa’s global dataset of commerce transactions to build not only a better fraud and risk mousetrap, but also further our vision to create the best payment experiences of the future.

Sign up here to receive the latest from Visa on biometrics and authentication