Paygilant: You Need More Than Behavioral Biometrics in Mobile Payments

January 21, 2019         By: Steven Anderson

We all know that security is still the big problem in mobile payments. Despite a slew of advancements, it keeps coming up as the problem of the day. What’s more, even the heaps of advancements we have now only just keep up with the pace of criminals eager to find new solutions. That’s led many mobile payments companies–among others–to look into biometrics for security. A new report sent our way from Paygilant, however, says that a behavior-based biometrics platform alone will not do the job.

Mobile payments today, the report notes, face a paradox. Customers want access to super-convenient, high-speed systems with virtually no hassle, but they want these systems secured with iron imperviousness. In other words, they want a door that can’t open to anyone but them. Too much security eliminates convenience, and vice versa, making the customer’s demands seemingly irreconcilable. Enter biometrics, which connect to a certain part of a customer’s biology, such as a voiceprint or thumbprint.

At first, this seemed like the ultimate solution. Behavioral biometrics also became part of the mix, as authentication processes considered the speed of your scrolling, the angle at which you hold a device, or other factors. The problem with these, however, is that they could be simulated by bad actors. If a hacker learned what angle you held your device at–possible with enough observation–that hacker could effectively pretend to be you. Hence the study, which found that depending on this form of biometrics was a recipe for failure.

Honestly, the point of this study somewhat eludes me. Most users likely don’t even consider behavioral biometrics to be biometrics in the first place. We think of thumbprints, fingerprints, iris scans…things immediately related to body parts that can’t be simulated or stolen beyond the realm of science fiction or outright horror. Yet here we’ve also seen how biometric advances don’t last; remember how Google’s facial recognition systems were beaten by a photograph?

The Paygilant study demonstrates to us what we’ve known all along: no one security mechanism is perfect and can be counted on absolutely. We must use multiple methods, and we must continually refine these methods to ensure our systems are safe, even if we must surrender at least some convenience to do the job right.