Biometrics: Slowly Catching On

December 22, 2017         By: Steven Anderson

The notion of using some part of your body as a security mechanism for locking and unlocking accounts isn’t new. The depths to which it’s being used, however, are, at least somewhat. Indeed, biometric security—the practice of making something biologically linked to you and only you a security measure—is catching on, though not without some skepticism and concern.

New word from AYTM Market Research, backed up by Visa, took a survey of 1,000 credit, debit, and / or mobile payments users and discovered that biometric security systems are actually starting to be questioned about their own security. Basically, consumers are concerned that their faces, fingerprints, and such might not be particularly safe “out there”.

While 65 percent of said consumers know what biometrics are, and the same number has either tried it or regularly uses it, just eight percent could claim that there are no drawbacks to such a method of security. Further, 61 percent of surveyed consumers reported using multiple passwords, and 40 percent used multiple PINs. Of them, one in three used unique passwords and PINs for all of their accounts, which could be a huge number of potential passwords in all.

This is also proving a problem for retailers; lost passwords are costing them sales. Over half of the surveyed have abandoned a shopping cart purchase thanks to a forgotten password, and many believe that the best part of biometrics is not having to remember all these passwords any more. Though nearly half—49 percent—are concerned that those unique identifiers could end up as fodder in a data breach.

There should be, at least theoretically, ways to protect biometric data from theft. After all, there’s the matter of encryption out there, and if the data is encrypted it doesn’t particularly matter what a hacker might get in a data breach, because it’s useless without the encryption key in question. If tokenization is used, then it might be that the biometrics just cue a system to generate a token, and aren’t really available to be seized at all, especially if the token is generated on a local machine.

Still, it’s good to see consumers sufficiently astute to know that biometrics isn’t a magic bullet. That should help development of such systems going forward, and take us all off the remember-your-unique-and-strong-password hamster wheel.