Mobile Payments, Point-of-Sale Could Increasingly Call on Biometrics

For a while, mobile payments seemed to be following the standard security formula of password and username, sometimes with or without the concept of a PIN involved somewhere. However, in recent months, biometrics—the ability to take a component of human biology and use it as the focal point for a security process—has come into vogue, and it’s increasingly being spotted all over the market.

Touche, a Singaporean firm that offers mobile point-of-sale (PoS) systems, recently started offering a fingerprint reader that would allow consumers to shop, even when they’ve left their wallet behind. That might sound hard to believe—not without storing data—but what happens is that, when used, the system creates a template that’s encrypted and stored, then the card information connected to that encrypted template is tokenized. The end result is a system that works like stored data, but isn’t actually thanks to the encryption and tokenization processes.

More importantly, Touche isn’t the only firm using such a concept. Ingenico recently brought out a biometric PoS system, and so did Samsung. Both Mastercard and Visa recently got into that fray themselves, and HSBC offered a biometric access point for both financial services and retail banking customers back in May.

Visa’s Jack Forestell, head of global merchant solutions, noted “The world is quickly moving toward a future that will be free of passwords, as consumers realize how biometric technologies can make their lives easier.”

Biometrics are a wonderful notion for security. The whole concept perfectly bridges the gap between ease of use and strength of security. While passwords and user name combinations are excellent in their way, they need to be changed routinely for the best effect. Plus, they have to be sufficiently strong; while there’s value in the “correcthorsebatterystaple” school of password strength—a few words strung together provides strength from the sheer number of characters—sometimes remembering the words in question is a challenge.

Biometrics allows passwords to be as simple as pressing a fingertip to a device, while being extremely secure. Who else, after all, has your fingerprint? Even if someone did, would they know where to use it? Considering how easy it can be to add biometrics to mobile PoS, or mobile payments, operations, the end result should be welcome for any mobile user.