Biometric Security: From A Selfie To the Way You Walk

Uploaded on 2015-08-31 in TECHNOLOGY--Developments, NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The mobile, cloud, banking & payments industries must prepare for the shift from traditional authentication to new biometric systems. The way you type can reveal you.

The payments industry, facing the risk of increasingly sophisticated cyber-attacks and various types of credit card fraud, has begun incorporating various types of biometric technology to enhance security and prevent breaches.
As recently reported, MasterCard is launching a facial recognition payment service based on “selfies” taken on a smartphone. This new technology features a photo scanner that creates a map of the shopper’s face, which is then translated into a code for confirmation of future payments.

For now, MasterCard customers must still use a password when making purchases via the “Secure Code” service, but soon a “selfie” from a smartphone will be enough to close transactions. This program is to be tested initially on 500 card users in the coming months. MasterCard stated that it also is working on a payment program based on voice recognition.
MasterCard’s imminent transition to biometrics was preceded by Apple Pay’s launching in October 2014 of a biometric payment technology based on fingerprint ID. The newest iPhone models are equipped with Apple’s Touch ID fingerprint reader.
And then there is PayPal, which has boosted security on its mobile app by using fingerprint sensors that are installed on some Samsung Electronics devices. All in all, the stage seems to be set for the large-scale adoption of biometric technology.

Biometrics: Past, Present and Future

While the payments industry is currently working full steam on various forms of biometric technology aimed at thwarting ever-increasing security breaches in payments technologies, biometrics have been around for quite a while, and the technologies take different forms.

In 1665, Marcello Malphighi was credited with the discovery of the unique patterns of fingerprints. In 1880, Dr. Henry Faulds, a Scottish surgeon, published a paper on how fingerprints can be used for identification.
In 1994, John Daugman developed and patented the first algorithms for iris scanning and recognition. The iris is known to display a network of random patterns which are unique to each individual. Special scanners are used to match these patterns to a database.

A few years later, Christoph von der Malsburg from the University of Bochum in Germany developed a system known as ZN-Face that was capable of making facial matches on imperfect images.

Imagine a world in which there is no need to remember a slew of passwords and PINs. Today, most mainstream biometric recognition is based on fingerprint, palm, iris, facial and voice recognition. Alongside these physiological recognition methods come behavioral biometrics that can recognize a person based on his or her typing rhythm (called keystroke dynamics) or walking gait (which is based on an individual’s movement patterns). Behavioral biometrics are currently considered less reliable than the physiological system, but as this technology is still in its early stages, this premise could change.

Biometric Technology: Is it Really Secure Enough?

Many law enforcement agencies and governments are already using biometric technology because it affords a higher level of security against cyber attacks than other protection methods. The newfound availability of biometric technology for mobile and cloud-based platforms raises the security bar further.

Nevertheless, while there are many who hail biometrics as a game changer, others believe that in its current form it does not provide the necessary level of security to prevent identity theft. The fact is that hackers have succeeded in using photographs to lift fingerprints and access personal accounts. The notorious hacking group called the Chaos Computer Club even replicated the fingerprint of the German Defense Minister.

A lot is happening these days in the field of identification technology to increase security. Qualcomm Technologies recently announced the development of the first comprehensive mobile biometric solution based on ultrasonic technology.
While traditional fingerprint authentication relies on capacitive touch-based sensors, the new Snapdragon solution features ultrasonic-based technology, which captures three-dimensional acoustic detail within the outer layers of skin.
Stephanie Schuckers, an expert in identification technology research, is quoted by PHYS ORG as saying that current research is focusing on “liveness detection,” which would prevent hackers from replicating fingerprints or other biometric methods. This type of technology would have the ability to detect if the real biometric is physically present.

Researchers are seeking to create an optimal arrangement of biometrics and tokenization layers that will ensure high-level security. The ultimate solution technology may involve using a mixture of several forms of biometric authentication, such as skin temperature, palm veins and voice recognition.

A Shopping Utopia Or A Fantasy?

Increased security is not the only consideration when discussing the advantages of biometrics. Imagine a world in which there is no need to remember a slew of passwords and PINs for various sites. According to a survey released by Visa Europe, 69 percent of Europeans aged 16-24 believe that their lives will be “faster and easier” without passwords. Contactless payments would be the next natural step, enabling shoppers to complete transactions far more quickly.
All in all, the stage seems to be set for the large-scale adoption of biometric technology.

Taking this concept a step further, biometrics could enable merchants to identify valued customers, as well as known shoplifters, as soon as they enter a brick-and-mortar store. Theoretically, in the new era of NFC payments, customers would be able to choose whatever items they wish and leave the premises without ever approaching a cashier. Charges would automatically be referred to the customer’s biometric-based records.

This type of technology could merge with the personalized Omni-channel shopping experience that merchants are currently striving to create for their customers. Shopping patterns as we now know them would cease to exist.

Preparing For The Future

The mobile, cloud, banking and payments industries must prepare themselves for the shift from traditional authentication methods to the new biometric systems. Once biometric technology is perfected and becomes cost-effective, its widespread deployment could save merchants and banks millions of dollars and provide high-level protection against cyber attacks.
However, when it comes to the extensive use of biometrics in the payments industry, the biggest hurdle to overcome is widespread adoption. Retailers and consumers will need to concur on the best form of biometric payments before passwords can become obsolete.

TechCrunch:

« Hacking For Cause: Growing Cyber Security Trend
Psychologists Work for GCHQ Deception Unit »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Beyond Security

Beyond Security

Beyond Security is a leader in automated vulnerability assessment and compliance solutions - enabling customers to accurately assess and manage security weaknesses in their networks and applications.

ComTrue Technologies

ComTrue Technologies

ComTrue Technologies is a developer and provider of personal information protection and cyber security solutions and services.

MailXaminer

MailXaminer

MailXaminer is an advance and powerful email investigation platform that scans digital data, performs analysis, reports on findings and preserves them in a court validated format.

Information and Communication Technology Authority (ICT Authority) - Kenya

Information and Communication Technology Authority (ICT Authority) - Kenya

The ICT Authority is responsible for enforcing ICT standards in Government and ensuring information security.

Lirex

Lirex

Lirex offer consulting and outsourcing services, complete design, construction and maintenance of ICT solutions and systems including cybersecurity.

RHEA Group

RHEA Group

RHEA Group offers aerospace and security engineering services and solutions, system development, and technologies including cyber security.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

CyberFortress

CyberFortress

CyberFortress is an insuretech startup offering a new kind of online business interruption policy designed for small business.

Cyber NYC

Cyber NYC

Cyber NYC is a suite of strategic investments to grow New York City’s cybersecurity workforce, help companies drive innovation, and build networks and community spaces.

Shevirah

Shevirah

Shevirah specializes in products for automated mobile and IoT device vulnerability assessment, penetration testing, and mobile security awareness training.

Corsica Technologies

Corsica Technologies

Corsica Technologies is recognized as one of the top managed IT and cybersecurity service providers. Our integrated IT and cybersecurity services protect companies and enable them to succeed.

CyberArmor

CyberArmor

Cyber Armor defend everyday IT and OT systems, from government agencies to critical infrastructure, from system integrators to small industries.

Interactive

Interactive

Interactive are a leading Australian IT service provider with services in Cloud, Cyber Security, Data Centres, Business Continuity, Hardware Maintenance, Digital Workplace, and Networks.

Threat Con

Threat Con

Threat Con is a one of its kind event in Nepal, a series of annual international security conventions similar to the famous Black Hat and DEF CON conferences.

Lasso Security

Lasso Security

Lasso Security is a pioneer cybersecurity company ensuring comprehensive protection for businesses leveraging generative AI and other large language model technologies.

InfoTrust

InfoTrust

InfoTrust is a leading specialised cybersecurity practice that combines a customer-first consulting approach with next-generation security solutions.