The Risk of Using Biometrics to Secure Mobile Payments

Enterprise Security Magazine | Friday, November 30, 2018

Biometrics is an evolving technology that has found excellent use in privileging access and identity authentication. This security technology has become an intrinsic part of a range of sectors, ranging from government and military organizations to private companies and industries in the healthcare and telecom sectors. The growth of confidential data makes it increasingly crucial for excellent authentication solutions that raise security within the mobile environment.

Biometric technology performs authentication using a person’s physiological characteristics, such as fingerprints, palm print, iris/retina identification, or face or voice recognition. This has effectively replaced the traditional method of entering PINs or passwords in many places, including mobile payment systems. Mobile payments form an important part of the world today, and it is popularly believed that biometrics is the ultimate tool to secure mobile payment mechanisms. However, it is important to note that this might not provide as much security as required.

Projections from MarketsandMarkets predict that the mobile biometrics market, worth $4.03 billion in 2015, is expected to grow to $9.33 billion by 2022. The market is thus growing at a compound annual growth rate of 29.3 percent, which cannot be slighted easily. However, there are several problems with the concept of this marketplace that need to be addressed. Chief among these is the process by which data is captured for later use is not completely reliable, and the lack of accuracy might mean that the biometric security system is flawed. Moreover, users often approach biometrics differently at different times. Another cause of concern is that biometrics require to be updated frequently. While fingerprints are considered to be constant, they might change over time, or as the result of an injury. Voice and facial structure changes can result from the same causes.

A significant amount of thought and consideration is required to address these issues, but some success has been achieved by using a layered approach that integrates biometrics and other factors to enhance user experience. This process also provides a portion of error forgiveness—the system is less likely to lock a user out for not looking or sounding the exact same all the time. However, a mobile security measure cannot be too forgiving, for in that case the protection aspect is lost, which leads to the creation of a new problem.

The field of biometrics is still developing and is expected to improve a lot in the coming years. However, using biometrics in mobile security will be more beneficial compared to the password/username system that has dominated the landscape for decades.

Weekly Brief