Thanks to the efforts of the FIDO Alliance and big businesses such as Google and Apple, passwordless authentication is growing in the world of banking and credit card transactions. Biometric authentication is increasingly found to be fast, safe, efficient, and more secure for users, though some factors are still being addressed.
Ironically, despite the United States’ reputation for developing cutting-edge technology, the American public is often slower to adopt new technologies and techniques than the rest of the world. For example, Alipay was one of the earliest vendors to introduce facial biometric payment in China. As a result of this early implementation, payment using facial biometrics is ahead of the curve in China compared to the United States. Part of the reason for the slower uptake in the United States is cultural. Whereas Chinese shoppers don’t worry too much about whether facial biometrics are an invasion of privacy, American shoppers do and thus express reluctance. Conversely, American shoppers seem more comfortable with a fingerprint biometric than shoppers in many other countries.
Another issue is trust and regulation. Europe is generally regarded as a harsher, more regulated, and thus “safer” transactional environment. So the thinking is that if biometric transactions meet the stringent demands of European Union financial regulations, they will more easily exceed the safety and privacy requirements that would be in place in the United States.
One of the most promising approaches for banking and credit card transactions has been using mobile devices for verification and authentication. There are multiple reasons this solution is popular, not the least of which is the ubiquity of such personal mobile devices in most of the population. The other advantage is that biometric authentication can remain private.
In this solution, biometrics and the data required for authentication remain on the phone and not in some online database where a breach would result in the theft of private information. Instead, once someone’s biometrics have been confirmed, the mobile device itself is considered authenticated. It can then communicate with other networks using a multifactor authentication system in which biometrics is merely one link in the chain, though the easiest one for people to use, while other factors handle the “heavy lifting” in the background. All of this is part of the initiatives employed by the FIDO Alliance to make things easier.
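The split described above can be simulated in a few lines: the biometric match happens only on the device and unlocks a private key, while the bank stores a public key and checks a signed one-time challenge. This is an added example, not code from the original article or from the FIDO Alliance; the `Device` and `BankServer` classes, the constructed fingerprint strings and the choice of P-256 are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Phone: the enrolled template and private key never leave this object.
class Device {
  #template; #privateKey;
  constructor(enrolledTemplate) {
    this.#template = enrolledTemplate;
    const pair = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.#privateKey = pair.privateKey;
    this.publicKey = pair.publicKey; // the only value registered with the bank
  }
  // Local biometric check gates use of the key. Exact string comparison is a
  // stand-in; real sensors do fuzzy matching inside secure hardware.
  sign(challenge, presentedSample) {
    if (presentedSample !== this.#template) return null;
    return nodeCrypto.sign('sha256', challenge, this.#privateKey);
  }
}

// Bank: holds public keys and one-time challenges, no biometric data.
class BankServer {
  constructor() { this.keys = new Map(); this.pending = new Map(); }
  register(user, publicKey) { this.keys.set(user, publicKey); }
  newChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // single use, so a replayed response fails
    const key = this.keys.get(user);
    if (!challenge || !key || !signature) return false;
    return nodeCrypto.verify('sha256', challenge, key, signature);
  }
}

function demo() {
  const device = new Device('constructed-fingerprint-A'); // constructed sample
  const bank = new BankServer();
  bank.register('alice', device.publicKey);
  const sig = device.sign(bank.newChallenge('alice'), 'constructed-fingerprint-A');
  const ok = bank.verify('alice', sig);
  const replay = bank.verify('alice', sig); // challenge already consumed
  const other = device.sign(bank.newChallenge('alice'), 'constructed-fingerprint-B');
  const wrongFinger = bank.verify('alice', other);
  return { ok, replay, wrongFinger, bank };
}
console.log(demo().ok);
```

A breach of the simulated bank yields only public keys and spent challenges, which is the privacy property the paragraph describes.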