Will biometrics replace passwords?
In-person payments become more secure all the time. First came the switch from magnetic strip cards to chip cards. The next wave is for biometric authentication to replace PINs and passwords.
The downside of passwords
It’s relatively easy for thieves to get through authentication systems that rely on a PIN or password. Passwords can easily be stolen and reused. It is also easy for fraudsters to guess a password simply by entering a common one.
SplashData releases its annual “Worst Passwords List” to demonstrate consumers’ risky password choices. This list is compiled from more than 2 million passwords leaked over the course of the year. Two passwords have topped the list since its inception in 2011: “123456” and “password.” This year, a number of Star Wars references also popped up in the top 25, including “solo,” “starwars” and “princess.”
Rather than requiring users to come up with a secure combination of numerals, numbers and symbols, biometrics use identification characteristics like fingerprints, retina scans, facial recognition, voice pattern, DNA and other biological markers to identify individuals. This makes them safer than passwords and likely to be the future of authentication and security in payments.
The rise of biometrics
A study from Acuity Market Intelligence predicted mobile biometrics will generate $34.6 billion in annual revenue in 2020 and disrupt the global payment market. The report also forecasted that biometrics would be used to authenticate almost 65 percent of all m-Commerce transactions in 2020, representing roughly 126 billion transactions overall.
This technology is already used in some situations, such as border control and law enforcement. Consumers, especially younger ones, are increasingly ready to integrate biometrics into their day-to-day lives. A 2015 survey from VISA found that 75 percent of 16-24 year olds would feel comfortable using biometric security. In fact, half of young people predict passwords will be completely out of use by 2020. These consumers see existing security measures like PINs as annoying. They are more likely to perceive these steps as irritating than other adults are, and 69 percent agree it would make their lives easier to stop using them.
While biometrics are in general safer than passwords, they don’t completely prevent theft. They also carry additional risks because unlike a password, a fingerprint cannot be changed. This means a victim of this type of theft could deal with repercussions forever.
In 2015, the U.S. Office of Personnel Management revealed 5.6 million people’s fingerprints were stolen during a cyberattack, The Washington Post reported.
Right now, fraudsters may not be able to do much with their stolen fingerprints, but that could change as technology evolves. Even as security solutions improve over time, thieves often find ways around them. It’s crucial for companies to invest in more than one security mechanism. For instance, fraud prevention systems that use data and machine-learning to quantify user behaviors over time can operate in tandem with biometrics to provide a higher level of security.