Two-thirds of European consumers want to use biometrics to make payments easier and more secure. This is the finding of new research commissioned by Visa Inc and undertaken by Populas during late April and early May 2016. More than 14,000 people were questioned in France, Germany, Italy, Poland, Spain, Sweden and the UK.
The figure rises to three-quarters who consider that a biometric used as a second factor combined with a payment device will be secure.
Jonathan Vaux, Executive Director of Innovation Partnerships at Visa Europe commented, “One of the challenges for biometrics is scenarios in which it is the only form of authentication. It could result in a false positive or false negative because, unlike a PIN which is entered either correctly or incorrectly, biometrics are not a binary measurement but are based on the probability of a match. Biometrics work best when linked to other factors, such as the device, geolocation technologies or with an additional authentication method.”
Fingerprints are the favored biometric, with a 53% approval rating. This is followed by a combination of PIN and a biometric at 29%, retina scanning at 23% and facial recognition at 15%. It is noticeable that the preferred biometrics can all be associated with mobile devices such as a smartphone — and this may indeed be behind the specific consumer preferences.
There is little surprise at this growing acceptance of biometrics. Richard Lack, sales director at Gigya, commented, “The news that two in three European consumers want to use biometric technology when making payments comes as no surprise. Consumers tell us that they are struggling to remember what is now an average of over 100 passwords in Europe.”
“The use of biometrics for payments,” Alan Goode, MD of mobile and biometrics consultancy Goode Intelligence told SecurityWeek, “is another indication of how this very personal form of customer authentication is being accepted. The replacement of inconvenient PINs and passcodes for payment authentication and authorization by biometrics is a natural progression to a frictionless payment experience.”
The reality is that passwords alone have been considered insufficient for years. It’s not so much the technology that is weak, but that the process causes friction between the user and the service. This results in users cutting corners for ease and speed; and it is the cut corners that cause the weakness. A new report on card fraud published this week claims that nearly 30% of consumers have experienced card fraud in the past five years, and that 54% of consumers in European countries exhibit at least one ‘risky behavior’.
“There is always a balance between usability and security,” says the report, “and if security becomes too onerous for the users, they find a way around it (such as writing down PINs or passwords). Too high of a barrier actually motivates users to engage in risky behaviors.
More firms are looking for ways to improve customer experience and security at the same time. Passive biometrics and more intelligent monitoring tools are two examples of techniques used to improve security while avoiding negative user impact. As mobile banking and card payments grow in adoption, there are new risks with users securing, or failing to secure, their devices.”
It’s all about removing the friction; and the Visa survey demonstrates that European consumers believe that biometrics is the way to do this. It has to be said, though, that not everybody believes they are choosing the right method. ‘Behavioral biometrics’ had the lowest acceptance rate at just 10%; but behavioral or passive biometrics generate the least friction of all methods.
“Passive biometric solutions,” explains Robert Capps, VP at NuData Security, “identify suspicious activity in a completely passive and non-intrusive way by understanding how a legitimate user truly behaves in contrast to a potential fraudster with legitimate information. So, even if the fraudster has your spoofed fingerprint, and all of your account information, organizations can look at your behavioral events, biometrics, device, geography and other layers to determine if you are the real actor behind the device or fingerprint.”
While the security industry has advocated a more secure method of authentication than passwords alone, the Visa survey now confirms that users are ready. This does not, however, mean that Visa will automatically move towards a biometric payments solution.
“In the future we will see a mix of solutions dependent on the purchasing situation,” Vaux continued. “By adapting our standards to recognize these technologies as valid forms of authentication now, we can help provide the environment for payments to continue to take place securely, conveniently and discreetly.”
