BEHAVIORAL BIOMETRICS IN MOBILE PAYMENTS SECURITY

The market for U.S. mobile payments is expected to expand to $142 billion by 2019, according to recent reports by Forrester Research. Meanwhile, U.S. consumers have already undergone a transformation when it comes to using mobile phones and associated technologies.

Mobile Payments – Risks and Challenges

With all this energy and momentum around mobile payments, multiple payment advocates are competing for attention, with each party advancing a different vision for where the consumer’s electronic wallet, the trusted source of credentials should reside: on a card, on a phone, or in the Cloud. These various approaches create new challenges and in some cases have the potential to establish exciting new business models. Some challenges:

• New processes create new security vulnerabilities. For example: over-the-air (OTA) provisioning of payment credentials and applications potentially creates new attack vectors for eavesdroppers to steal and misuse customer data
• Data breaches leading to painful disclosures, adverse publicity, and fines
• Failure to understand exactly where and how sensitive account data is stored and transmitted can prevent organizations from clearly defining and implementing data protection solutions
• Overly cumbersome and expensive security schemes can hinder an organization’s ability to adapt quickly to new opportunities or to scale its business processes to meet rising service demands

One major challenge for the adoption of mobile payment technology and services is the perception of insecurity as indicated in a survey conducted by the Federal Reserve.

What will happen in 2015

As mobile payments become more and more commonplace, authentication solutions that minimize the potential for fraud and malware attacks are becoming part of the basic requirements. That, of course, means moving beyond passwords. Biometrics are gaining steam in the authentication arena – from Apple Pay’s fingerprint recognition capability to various behavioral biometric solutions to the new FIDO approaches.

Biometric technology has been used for decades as a reliable and accurate individual identification tool by using behavioral and physiological traits for personal identification. Two people can’t have the same unique biometrics, even identical twins. Yet, single-characteristic approaches (i.e., a finger print, retina scan, and voice recognition) have recently been shown to be vulnerable to physical hacks, leveraging techniques like 3D printing and even wax moulds.

There will soon be a biometric security push into enterprises, driven by the integration of multimodal biometrics authentication into multi-factor authentication platforms. Soon other modalities are expected to join fingerprint as popular biometric technologies on smart mobile devices. Multiple modalities will complement each other to enhance security and to provide choice to match context and environment.

Behavioral biometrics on mobile devices will start to become a more important modality because this can provide continuous authentication while a person is naturally using their device. By analyzing how a person implicitly uses their device it is now possible to recognize users. The technology can also be combined with other biometric modalities and authentication factors to create an authentication risk scoring that has the ability to reduce fraud. Its ability to integrate into fraud and risk management solutions makes it an ideal technology for financial services and enterprises.