Biometric markers could surpass passwords within 12 months. That would mean a shift from notoriously weak letter-and-number combinations to stronger, less hackable protection measures like fingerprint authentication.
So said Mark Nelsen, senior vice- president of risk products and business intelligence at Visa.
Services such as Apple Pay — which requires users to scan their fingerprint to enable transactions — are already preparing the public for that transition, which could blossom in the next 12 to 24 months, Nelsen said.
“It’s moving beyond the password as a way to authenticate yourself and really adopting more of those biometrics,” Nelsen said.
He pointed to Braintree, the Chicago-based payments processor and software developer acquired by PayPal in 2013, as the type of company that could make the technology needed for this shift more accessible.
“They would be one that would be trying to either develop applications that can use that kind of stronger authentication,” Nelsen said.
For example, Braintree could create a program that allows people to log into their accounts with their voice, Nelsen said. The company could then license that out to others who want to offer the same capability.
(Braintree wouldn’t discuss specifics about any such plans, but noted: “Technologies like biometrics present exciting opportunities for payments and other industries to improve their user experience. ... Our parent company, PayPal, has worked with Samsung to allow users to login and pay using their fingerprint on their newest Samsung smartphones and tablet devices — the Galaxy S5, Tab S and Note 4.”)
Widespread adoption of biometric authentication for processes that involve personal data or financial transactions will require something some consumers have lost in recent months: trust. Nelsen said as awareness of and education about the superior security of technologies such as fingerprint scanning grows, so will people’s willingness to use them.
Nelsen acknowledged that implementing such measures could be out of reach for small companies, particularly startups with relatively small budgets. For them, he said, applications and application program interfaces from software companies will provide more affordable avenues.
Companies will likely continue to offer traditional authentication alongside biometric options to give consumers a choice.
But they should at the very least raise their protection standards for the data they hold, Nelsen said.
He recommended companies use encryption and tokenisation, a process through which real data is replaced by placeholder values and the information that could reveal the changes is stored and protected separately. Even if hackers do manage to access encrypted or tokenised data, Nelsen said, they’ll find it useless.
“Our strategy at Visa is we need to focus on devaluing the data in the first place so if it is stolen, it’s simply unusable,” Nelsen said.
“That’s really our core strategy, which is why we’re deploying chip technology in the United States, because it’s that one-time code so if I steal that code I can’t reuse it.” — Tribune News Service
Did you find this article insightful?