SumUpBlog

What is biometric data? Privacy, payments and password protection

According to a report from the security firm, Shape Security, 2.3 billion personal credentials were exposed in 2017. And to be honest, this is no surprise considering some of the most commonly used passwords out there are ‘123456’, ‘password’, and ‘sunshine.’

With roughly 90% of passwords proving to be hackable, it’s clear our personal and corporate security methods haven’t been keeping up with the imminent and brisk growth of the internet and the intelligence of hackers. But what if our passwords were something nobody else could imitate?

Regulating the digital revolution has long been a concern, and while it can often feel out of our control, biometric data as a form of authentication is starting to turn things around.

When you hear the term ‘biometrics’ it’s easy to envision something out of a sci-fi movie (or to have absolutely no idea what we are talking about). And considering we were all dialling up for internet and listening to music on cassettes a mere 25 years ago, this feeling isn’t too far off. While a lot of people may not be familiar with the term, they’ve probably submitted and used biometric data within their lifetime, if not on a daily basis. After all, it’s estimated that 90% of businesses will engage in biometric authentication technology by 2020 and 62% already do.

Whether you regularly use a fingerprint or face-scan to make payments, or you find the whole thing a bit daunting, it’s apparent that using our very personal data is going to play a big part in the future. So let’s educate ourselves on it.

Photograph: Micah McGee/The Guardian

What exactly are biometrics?

Let’s break this down…

Fancy name aside, it is pretty easy to come to terms with. Biometrics is the recognition of an individual based on their biological and behavioural characteristics. Basically, it is the process in which your individual attributes are used for identification and authentication purposes.

So, what types of biometric data can be used for recognition?

  • Retina recognition

  • Facial recognition

  • Hand and finger geometry

  • Voice recognition

  • Vein recognition

  • DNA matching

  • Walking style

  • Odour (don’t know how we feel about this one)

  • Typing or writing recognition

The possibilities are endless, and quite literally, right at your fingertips.

What are they good for?

Using our biological data as a form of authentication has been around for longer than you might think. While we traditionally associate it with law enforcement, the government or scary airport security, it only really came into the public consciousness through the widespread purchasing of smartphones and the gradual shift from banks to online banking.

The easiest example? The smartphone. A whopping 90% of smartphones are able to accommodate facial recognition software and 80% can do the same for voice-activated identification. The iPhone X’s neural engine alone uses 30,000 dots and infrared imaging to confirm the identity of its user. So it really is no wonder that users are trading in their phone PIN for fingerprint locks and facial scans.

We’ve moved our entire worlds onto our phones so it makes sense that companies like Apple are seeking to make them as secure as possible. Anyone can guess the password to your phone through trial and error, but nobody else can imitate the individual patterns on your thumb or the unique markings of your iris.

Don’t get us wrong, the technology has not been totally mastered yet, and nothing in the digital world can be labelled as 100% secure, but biometric keys are certainly safer than you might think.

Let’s talk about privacy

The privacy of this new wave of technology is under discussion, and we get it. It doesn’t get more personal than using features such as your face or fingerprint. The use of an iris scan–even when multi-factor authentication is involved–still feels a lot more invasive than a PIN. But the truth is, while not foolproof, it can be significantly safer when executed properly.

Identity theft protection is a big issue. In the UK alone, it is the most common type of fraud to take place against an individual, affecting an estimated 3 million people in 2016. The cost? £5.4 billion a year. Experts point towards biometrics as a solution to this. But there are a few things that need to be taken into consideration first.

When it comes to money, everything is online now anyway, and consumers have comfortably shifted to a world of digitalised credit, where they arguably have more control over their finances. So if your credit is already a string of numbers in the online world, surely biometrics is exactly the same but with added safety? Something we need to bear in mind is that like any data, it can be hacked.

One of the only benefits token identification, such as a PIN, has against biometrics is that they can be changed. If your PIN is comprised, all that’s required is a call to the bank or a trip to an ATM machine. Biometric data isn’t something you can lose. You’re not going to forget it anywhere and not be able to make a payment. But, if not properly enforced, biometric data can be taken or manipulated and it can’t be replaced.

Saying that, it is still deemed an increasingly safer option, especially when combined with multi-factor authentication solutions, which most companies already implement, particularly when finances are involved. A study by Juniper Research pointed out that biometric keys enable exceptionally secure cloud-based identity checks, so while it isn’t 100% foolproof yet, it’s getting there. In fact, researchers predicted that by 2023 over 1.5 billion smartphones will use the technology.

Finally, we need to acknowledge that many victims of identity theft have pointed out how difficult it is to prove that the theft has actually taken place. But, when biometrics are involved, there’s no doubt who the real person is. Take E-passports for instance–the use of biometric information with passport control has helped to prevent identity theft and the manipulation of documents.

Photograph: Micah McGee/The Guardian

Public perception: How do we really feel about it all?

The International Biometrics Identity Association compiled various studies on how the technology is perceived within the public domain, and naturally, the results have continued to evolve as people develop a sense of familiarity with it.

In 2016, Accenture surveyed citizens in six countries and found that 89% of people said they were willing to use biometric recognition software when travelling across international borders. 80% of Brits saying they were willing to trade in their passwords for biometric security and 53% said they would want their banks to use fingerprint recognition technology with digital banking. 3 in 5 people view biometric authentication software as being just as secure or even more secure than token password identification.

Unisys also discovered that 86% of Americans would prefer using biometrics for identity verification when making payments. The main driver behind this? Getting rid of all those pesky passwords. Intel Security estimated that the average person has 27 varying online logins, and unless you’re keeping them all in an encrypted spreadsheet, it’s hard to keep up and keep them safe.

One thing that really emerged from all of these studies was that people, millennials, in particular, are ready for biometrics and are starting to view them as a safer and easier alternative to PINS and passwords.

Most backlash on the use of the technology is faced when governments come into the equation as former Biometrics Commissioner, Alastair MacGregor pointed out “more people were concerned about Government use.” The cause being a fear of “state control and surveillance.” But this is an issue we do not see with banks or payment providers.

Biometric payments

Let’s dig a little deeper into biometric payments…

Juniper Research unearthed something pretty interesting–“2 billion biometrically authenticated payments were made in 2017. By 2021, 18 billion biometrically authenticated transactions are predicted.” They also expect mobile biometrics to authenticate 2 trillion dollars worth of sales by 2023. These seem like shocking statistics when you initially read it, but upon reflection, it makes sense.

Take the smartphone for instance. Most of us are walking around with portable POS systems in our pockets. Every time you download an app, order something online or update a subscription on your phone, you're making a transaction. And we can probably all vouch that making mobile payments is ten times easier using a quick face or fingerprint scan.

Towards the end of 2017, research by Deloitte pinpointed that 12 million UK smartphone owners use their fingerprint scanner and 35% of them use it by means of payment. This was already one third higher than the previous year and is probably significantly higher now.

We’re even seeing biometric-licensed ATMs start to pop up in places like India where they are offering the most rural of areas a gateway into a cashless society. And this shift towards a cashless society and online banking can be seen through UK bank closures.

The BBC established that 60 bank branches close every month with 2,868 branches having closed between 2015 and 2018. It’s evident banks are going to have to adopt a more modern approach, and perhaps a shift towards biometrics is the way to go about this.

One way that Europe has started to take a more modern approach to banking is through the recent PSD2 act and the UK’s version, Open Banking. What this basically means is banks are finally opening up their data, and while this may sound like you’re losing control of your data, you’re actually gaining it.

First things first, in order for the data to be shared between third parties, your consent is needed, and you can opt out. Secondly, the opening up of this data will be incredibly insightful. It will make it easier to take out loans, control your finances and help you to find out more about your bank.

The data will help revolutionise the banking industry with ‘Financial Service Authority’ approved startups and innovators gaining access to it, they will have the opportunity to shake up the industry through tailored product releases based on the uncovered data. A clause in PSD2 also makes two-factor authentication a legal requirement for all electronic payments in a bid to make things more secure. In comes biometrics...

What does the future hold?

Biometrics has the chance to revolutionise the payment industry, but as Forbes reported, the possibilities that lie within its collision with other industries are just as great.

“The use of biometric technology can extend to power smart cities, transportation, and other ecosystems. For example, when you look at the shared vehicle and autonomous vehicle market globally, identity will be really important. Eventually, items like credit cards, insurance cards and drivers licenses could become more easily and securely represented by your biometrics instead of a plastic card.”

Biometrics have already begun to assist humanitarian aid work in the UN and The World Food Programme and helped accuracy within the healthcare industry to improve. The implementation of biometrics will also allow for day-to-day processes to simplify.

Take the 2020 Olympic Games for instance. Tokyo will put face recognition security measures into place, and guests will have the option to use their fingerprints as payment.

However, while the advancement of biometrics is inevitable, security measures and transparency will have to quickly follow suit in order for it to be truly successful. As a society, we need to be comfortable enough with the regulation and execution of the technology to entrust it with the most private aspects of our lives.

For more business tips, tricks and stories, visit the SumUp blog.

twitterfacebooklinkedin

Anna Marie Allgaier