Biometric Security: From A Selfie To the Way You Walk

The mobile, cloud, banking & payments industries must prepare for the shift from traditional authentication to new biometric systems. The way you type can reveal you.

The payments industry, facing the risk of increasingly sophisticated cyber-attacks and various types of credit card fraud, has begun incorporating various types of biometric technology to enhance security and prevent breaches.
As recently reported, MasterCard is launching a facial recognition payment service based on “selfies” taken on a smartphone. This new technology features a photo scanner that creates a map of the shopper’s face, which is then translated into a code for confirmation of future payments.

For now, MasterCard customers must still use a password when making purchases via the “Secure Code” service, but soon a “selfie” from a smartphone will be enough to close transactions. This program is to be tested initially on 500 card users in the coming months. MasterCard stated that it also is working on a payment program based on voice recognition.
MasterCard’s imminent transition to biometrics was preceded by Apple Pay’s launching in October 2014 of a biometric payment technology based on fingerprint ID. The newest iPhone models are equipped with Apple’s Touch ID fingerprint reader.
And then there is PayPal, which has boosted security on its mobile app by using fingerprint sensors that are installed on some Samsung Electronics devices. All in all, the stage seems to be set for the large-scale adoption of biometric technology.

Biometrics: Past, Present and Future

While the payments industry is currently working full steam on various forms of biometric technology aimed at thwarting ever-increasing security breaches in payments technologies, biometrics have been around for quite a while, and the technologies take different forms.

In 1665, Marcello Malphighi was credited with the discovery of the unique patterns of fingerprints. In 1880, Dr. Henry Faulds, a Scottish surgeon, published a paper on how fingerprints can be used for identification.
In 1994, John Daugman developed and patented the first algorithms for iris scanning and recognition. The iris is known to display a network of random patterns which are unique to each individual. Special scanners are used to match these patterns to a database.

A few years later, Christoph von der Malsburg from the University of Bochum in Germany developed a system known as ZN-Face that was capable of making facial matches on imperfect images.

Imagine a world in which there is no need to remember a slew of passwords and PINs. Today, most mainstream biometric recognition is based on fingerprint, palm, iris, facial and voice recognition. Alongside these physiological recognition methods come behavioral biometrics that can recognize a person based on his or her typing rhythm (called keystroke dynamics) or walking gait (which is based on an individual’s movement patterns). Behavioral biometrics are currently considered less reliable than the physiological system, but as this technology is still in its early stages, this premise could change.

Biometric Technology: Is it Really Secure Enough?

Many law enforcement agencies and governments are already using biometric technology because it affords a higher level of security against cyber attacks than other protection methods. The newfound availability of biometric technology for mobile and cloud-based platforms raises the security bar further.

Nevertheless, while there are many who hail biometrics as a game changer, others believe that in its current form it does not provide the necessary level of security to prevent identity theft. The fact is that hackers have succeeded in using photographs to lift fingerprints and access personal accounts. The notorious hacking group called the Chaos Computer Club even replicated the fingerprint of the German Defense Minister.

A lot is happening these days in the field of identification technology to increase security. Qualcomm Technologies recently announced the development of the first comprehensive mobile biometric solution based on ultrasonic technology.
While traditional fingerprint authentication relies on capacitive touch-based sensors, the new Snapdragon solution features ultrasonic-based technology, which captures three-dimensional acoustic detail within the outer layers of skin.
Stephanie Schuckers, an expert in identification technology research, is quoted by PHYS ORG as saying that current research is focusing on “liveness detection,” which would prevent hackers from replicating fingerprints or other biometric methods. This type of technology would have the ability to detect if the real biometric is physically present.

Researchers are seeking to create an optimal arrangement of biometrics and tokenization layers that will ensure high-level security. The ultimate solution technology may involve using a mixture of several forms of biometric authentication, such as skin temperature, palm veins and voice recognition.

A Shopping Utopia Or A Fantasy?

Increased security is not the only consideration when discussing the advantages of biometrics. Imagine a world in which there is no need to remember a slew of passwords and PINs for various sites. According to a survey released by Visa Europe, 69 percent of Europeans aged 16-24 believe that their lives will be “faster and easier” without passwords. Contactless payments would be the next natural step, enabling shoppers to complete transactions far more quickly.
All in all, the stage seems to be set for the large-scale adoption of biometric technology.

Taking this concept a step further, biometrics could enable merchants to identify valued customers, as well as known shoplifters, as soon as they enter a brick-and-mortar store. Theoretically, in the new era of NFC payments, customers would be able to choose whatever items they wish and leave the premises without ever approaching a cashier. Charges would automatically be referred to the customer’s biometric-based records.

This type of technology could merge with the personalized Omni-channel shopping experience that merchants are currently striving to create for their customers. Shopping patterns as we now know them would cease to exist.

Preparing For The Future

The mobile, cloud, banking and payments industries must prepare themselves for the shift from traditional authentication methods to the new biometric systems. Once biometric technology is perfected and becomes cost-effective, its widespread deployment could save merchants and banks millions of dollars and provide high-level protection against cyber attacks.
However, when it comes to the extensive use of biometrics in the payments industry, the biggest hurdle to overcome is widespread adoption. Retailers and consumers will need to concur on the best form of biometric payments before passwords can become obsolete.

TechCrunch:

« Hacking For Cause: Growing Cyber Security Trend
Psychologists Work for GCHQ Deception Unit »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Titus

Titus

Titus is a global leader in enterprise-grade data protection solutions.

Solarflare

Solarflare

Solarflare is a leading provider of intelligent networking I/O software and hardware platforms that accelerate, monitor and secure network data.

CROW - University of Waikato

CROW - University of Waikato

CROW is the first cyber security lab established in a New Zealand educational institution at the University of Waikato.

Dataguise

Dataguise

Dataguise provides a data-centric security solution to detect, protect, and monitor sensitive data in real time across all data repositories, both on premises and in the cloud.

Sucuri

Sucuri

Sucuri have offered holistic website security solutions since 2008 including malware removal, malware monitoring and website protection services.

Australian Cyber Security Centre (ACSC)

Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together into a single location.

SolutionsPT

SolutionsPT

SolutionsPT enables customers to strengthen their Operational Technology (OT) network to meet the ever increasing demand for performance, availability, connectivity and security.

Ubiq Security

Ubiq Security

Ubiq has developed a software solution that secures any type of data, on any device, anywhere, with nearly no impact to system performance or user experience.

ReSec Technologies

ReSec Technologies

ReSec provides total protection against all types of known and unknown malware threats including viruses, Trojans, ransomware and phishing, regardless of their delivery method.

Cyberteq

Cyberteq

Cyberteq is an innovative Information and Communication Technology Consulting Company, enabling it’s customers to take full advantage of the latest technologies in a secure manner.

Privafy

Privafy

Privafy helps mobile service providers, IoT manufactures , and enterprises redefine the way they protect Data-in-Motion.

Cympire

Cympire

Cympire significantly increases an organisation’s Cyber Resilience through continuous Training and Assessment. Cyber Security Training Platform. Cloud-based and fully customizable Cyber Range.

Wib

Wib

Wib is an API security leader. We are the only company providing a solution for the entire API development lifecycle.

NormCyber

NormCyber

NormCyber provide award-winning cyber security and data protection as a service for midsize organisations.

Strategic Technology Solutions (STS)

Strategic Technology Solutions (STS)

Strategic Technology Solutions specialize in providing Cybersecurity and Managed IT Services to the legal industry.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.