Bringing Payments to your Fingertips: How Biometrics are Changing Payment Security and Access

August 14, 2018         By: Kevin Trilli

The way we make payments is changing. A big part of the transformation is biometrics – technology that’s becoming increasingly popular, especially when it comes to identity authentication. Using the unique characteristics of an individual to identify them isn’t new. But combining them with a traditional credit or debit card, means consumers can now make payments with their fingerprints, a selfie, or simply by saying a word or phrase out loud. According to IBM, 75% of millennials are now comfortable using biometrics and 87% of all adults say they’ll be comfortable with them in the future. This could mean traditional payment methods, such as the use of a PIN or password, might be outdated before we know it.

The introduction of biometrics to the payments process is disrupting the wider industry in two major ways. First, it’s making the customer experience more convenient; and second, it’s reducing the risk of their identity being stolen in the process. When it comes to making a payment, the right balance needs to be struck between consumer convenience, and consumer security. Biometrics are helping achieve this perfect balance, and coupled with cutting-edge technology like machine learning and artificial intelligence, will keep us one step ahead of fraudsters in the future.


The consumer comes first

Modern consumers have increasingly busy lifestyles and conflicting demands. The average consumer neither wants nor has time to keep track of multiple different passwords or PINs, especially if it exposes them to fraudulent activity. That services can be accessed almost instantaneously and without cost is now a basic expectation – and delivering a smooth, frictionless experience for customers a necessity if providers want to remain competitive.

Convenience and control have always steered innovation in the payments industry, as the widespread adoption of contactless cards over the past 10 years shows. Time is money – and bringing payments to a customer’s fingertips is just the latest innovation that’s helping enhance the customer journey. And it’s gathering speed: Mastercard has already announced that from April 2019, card users will be able to make payments using fingerprint and facial recognition technology, with new scanners built into cards.


Tackling identity fraud

But convenience can’t be everything. Though making payments from your mobile device creates a wealth of opportunities, the security of a customer’s information during the process needs serious consideration. While speed of transaction is important, so is catching those trying to commit fraud. Identity fraud is a global problem, and it’s only getting worse – whether it’s committed through stealing or cloning someone’s card or attaining their identity to launder money. Identity theft is the fastest growing crime in the US and accounts for half of all reported fraud in the UK, with 1 in 60 online transactions attempted globally being fraudulent.

Secure, reliable authentication and identity verification procedures have never been more crucial. As biometric technologies have developed, so too have the techniques employed by fraudsters to try and defraud customers. ‘Spoofing’ attempts on payments – such as using a picture of a face from the internet, or even a mask to try and trick facial recognition technology into thinking it’s the same person – are common.

The benefit of robust biometrics in authenticating payments is that they stop these attempts from being truly scalable. Fraudsters want to find a way of committing fraud, and to repeat it again and again. By introducing additional layers of authentication, such as a hybrid approach that combines technology and human verification, it’s far more difficult for that to happen. Introducing liveness tests into the authentication process can also help. A liveness test protects against spoofing by checking that the identifying biometrics belong to a real, present person – not just a picture pulled from the internet. Onfido’s requires a user making a payment to read out three randomly generated numbers and to perform a simple movement, for instance – it confirms that they’re alive and presenting the information.


Widespread adoption will be sooner rather than later

In the future, most transactions that carry a risk will require an identity check involving some form of biometric authentication. Acuity Market Intelligence predicts that by 2022, mobile biometric solutions will authenticate more than 1 trillion transactions annually, driving the market to $50.6 billion in annual revenue that year.

Consumers are already starting to see the benefits from biometric technology in their payment methods. Apple, after introducing fingerprint scanners on iPhones as a form of Touch ID, consequently introduced Apple Pay, whereby a customer could use Touch ID to make a payment. This was followed by the release of similar services by competitors such as Samsung Pay and Android Pay. And we’re now seeing developments in the use of more sophisticated biometric technologies, too. Spanish banking group BBVA are trialling a facial recognition payment system with their employees to use in the company’s corporate restaurants and cafes, meaning they simply have to look at a camera booth next to the cash registers to pay for their food. UK retail bank First Direct also now allows its customers to pay by giving voice commands to the Apple digital assistant Siri.


Looking ahead

As fraud evolves, nothing can be 100% secure, and the use of biometrics is not yet perfect. Different biometric algorithms and back-end processes have to balance between competing priorities to catch as much fraud as possible, while letting trusted consumers through. While a strict algorithm will catch a higher number of fraudulent transactions, it might also incorrectly stop some genuine ones. Conversely, an algorithm that focuses on optimising speed might let through a few more fraudulent attempts. This is why pioneering new technology, such as artificial intelligence and machine learning, is so important. It complements biometrics by adding a further layer to the authentication process. Machine learning continuously evolves to understand patterns and behaviours, meaning it will develop and improve at identifying new types of fraud over time

The payments industry needs to embrace these new technologies and their benefits in order to provide the best experience for the customer, whilst cutting down on potential fraud. Banks should also review their payment transaction processes and add biometrics to protect both their business and their customers.  Added to the numerous biometric authentication pilot programmes already in the pipeline, it promises to be an exciting few years ahead for the payments industry and the consumer.

About Kevin Trilli

Kevin Trilli is Chief Product Officer and Interim CTO at Onfido. Based in Onfido’s San Francisco office, Kevin has over 20 years of product and entrepreneurial experience in digital data security, privacy and governance. He leads the strategic evolution of the Onfido product platform to a leading provider of identity trust services.

About Onfido

Onfido’s vision is for everyone to be able to easily and securely prove their legal identity online. Using machine learning technology, Onfido validates a user’s identity document and compares it with their facial biometrics, enabling companies to automate checks on over 600 document types across 192 countries, detecting anomalies automatically, and using human experts to verify outliers.

Onfido has raised over $60 million in funding from prestigious investors including Crane Venture Partners, Microsoft Ventures and Salesforce Ventures. Onfido works with over 1,500 customers, including leading companies across a wealth of industries, including ArroMoney, Remitly, and Bitstamp.